CVE-2019-1719

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) version 2.1

Description The issue is related to insufficient validation of user-supplied input in the web-based guest portal, allowing an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. This could enable the attacker to execute arbitrary script code or access sensitive browser-based information by persuading a user to click a crafted link.

Recommendations For Cisco ISE software version 2.1, update to a version that includes the fix for this issue to prevent cross-site scripting attacks. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using the interface with untrusted input until the issue is resolved.