November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
September 2, 2021Rewterz Threat Alert – APT SideWinder Group Targeting Pakistani Officials – Active IOCs
September 2, 2021Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
September 2, 2021Rewterz Threat Alert – APT SideWinder Group Targeting Pakistani Officials – Active IOCs
September 2, 2021
Severity
Medium
Analysis Summary
CVE-2021-34759
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials.
Impact
- Cross-site scripting
- Unauthorized Access
Affected Vendors
Cisco
Affected Products
- Cisco ISE 2.2 Patch17 and earlier
- Cisco ISE 2.4 Patch14 and earlier
- Cisco ISE 2.3 Patch7 and earlier
- Cisco ISE 2.6 Patch9 and earlier
- Cisco ISE 2.7 Patch4 and earlier
- Cisco ISE 3.0 Patch3 and earlier
Remediation
Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-4HnZFewr