March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
September 2, 2021
Rewterz Threat Alert – APT SideWinder Group Targeting Pakistani Officials – Active IOCs
September 2, 2021
Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
September 2, 2021
Rewterz Threat Alert – APT SideWinder Group Targeting Pakistani Officials – Active IOCs
September 2, 2021
Severity
Medium
Analysis Summary
CVE-2021-34759
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials.
Impact
- Cross-site scripting
- Unauthorized Access
Affected Vendors
Cisco
Affected Products
- Cisco ISE 2.2 Patch17 and earlier
- Cisco ISE 2.4 Patch14 and earlier
- Cisco ISE 2.3 Patch7 and earlier
- Cisco ISE 2.6 Patch9 and earlier
- Cisco ISE 2.7 Patch4 and earlier
- Cisco ISE 3.0 Patch3 and earlier
Remediation
Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-4HnZFewr