CVE-2020-3149

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) Software versions prior to 2.7.0

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device. The issue is due to insufficient input validation by the web-based management interface. An attacker could exploit this by providing malicious data to a specific field within the interface, potentially allowing the execution of arbitrary script code in the context of the affected interface or access to sensitive, browser-based information.

Recommendations For versions prior to 2.7.0, update to Cisco ISE Software release 2.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid providing malicious data to specific fields within the interface until the issue is resolved.