Lucene search

[email protected]NVD:CVE-2021-1603

HistoryJul 08, 2021 - 7:15 p.m.

CVE-2021-1603

2021-07-0819:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cisco identity services engine

web interface

stored xss

user validation

remote attacker

sensitive information

administrative credentials

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.2%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials.

Affected configurations

Nvd

Node

ciscoidentity_services_engineRange<2.6.0

ciscoidentity_services_engineMatch2.6\(0.999\)-

ciscoidentity_services_engineMatch2.6.0-

ciscoidentity_services_engineMatch2.6.0patch1

ciscoidentity_services_engineMatch2.6.0patch2

ciscoidentity_services_engineMatch2.6.0patch3

ciscoidentity_services_engineMatch2.6.0patch5

ciscoidentity_services_engineMatch2.6.0patch6

ciscoidentity_services_engineMatch2.6.0patch7

ciscoidentity_services_engineMatch2.6.0patch8

ciscoidentity_services_engineMatch2.7\(0.356\)-

ciscoidentity_services_engineMatch2.7.0-

ciscoidentity_services_engineMatch2.7.0patch1

ciscoidentity_services_engineMatch2.7.0patch2

ciscoidentity_services_engineMatch3.0.0-

ciscoidentity_services_engineMatch3.0.0patch1

ciscoidentity_services_engineMatch3.0.0patch2

VendorProductVersionCPE
ciscoidentity_services_engine*cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
ciscoidentity_services_engine2.6(0.999)cpe:2.3:a:cisco:identity_services_engine:2.6\(0.999\):-:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:-:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine	*	cpe:2.3:a:cisco:identity_services_engine::::::::
cisco	identity_services_engine	2.6(0.999)	cpe:2.3:a:cisco:identity_services_engine:2.6\(0.999\):-::::::
cisco	identity_services_engine	2.6.0	cpe:2.3:a:cisco:identity_services_engine:2.6.0:-::::::
cisco	identity_services_engine	2.6.0	cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1::::::
cisco	identity_services_engine	2.6.0	cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2::::::
cisco	identity_services_engine	2.6.0	cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3::::::
cisco	identity_services_engine	2.6.0	cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5::::::
cisco	identity_services_engine	2.6.0	cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6::::::
cisco	identity_services_engine	2.6.0	cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7::::::
cisco	identity_services_engine	2.6.0	cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8::::::

Rows per page:

1-10 of 171

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-TWwjVPdL

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.2%

JSON

Related for NVD:CVE-2021-1603

cve1 prion1 cvelist1 nessus1 cisco1