CVE-2019-1851

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) (affected versions not specified)

Description A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This issue is due to an incorrect implementation of role-based access control (RBAC). An attacker could exploit this by crafting a specific HTTP request with administrative credentials, allowing them to generate a certificate that is signed and trusted by the ISE CA with arbitrary attributes. This could enable the attacker to access other networks or assets protected by certificate authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.