https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-0-357-patch-5-cve-2018-15459-cscvi44041/m-p/3797042#M485403 <P>It is fixed with patch2 for 2.4 release. Looks like this defect was never added to any of the release notes as it was fixed for older versions as well. I will work with document team on why that is. Thanks for bringing this to our attention.</P> Thu, 07 Feb 2019 17:19:44 GMT howon 2019-02-07T17:19:44Z https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-0-357-patch-5-cve-2018-15459-cscvi44041/m-p/3796619#M485399 <P>Hello Gentlemen</P> <P>I have ISE-cube 2.4.0.357 patch 5 &amp; CVE-2018-15459 (bug id CSCvi44041).</P> <P>&amp; i have something mutually exclusive on this vulnerability. specifically <A href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege</A> states that vulnerability is fixed in 2.4 patch 2, BUT 2.4 RNs <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html</A> doesnt confirm previous to be true. So which document must be trusted &amp; is there any patch|hotfix for this vulnerability?</P> <P>Clarification on this question&nbsp;is highly appreciated :0)</P> Thu, 07 Feb 2019 09:57:29 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-0-357-patch-5-cve-2018-15459-cscvi44041/m-p/3796619#M485399 Andrii Oliinyk 2019-02-07T09:57:29Z https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-0-357-patch-5-cve-2018-15459-cscvi44041/m-p/3797042#M485403 <P>It is fixed with patch2 for 2.4 release. Looks like this defect was never added to any of the release notes as it was fixed for older versions as well. I will work with document team on why that is. Thanks for bringing this to our attention.</P> Thu, 07 Feb 2019 17:19:44 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-0-357-patch-5-cve-2018-15459-cscvi44041/m-p/3797042#M485403 howon 2019-02-07T17:19:44Z https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-0-357-patch-5-cve-2018-15459-cscvi44041/m-p/3797099#M485407 <P>10x buddy</P> <P>have a nice day</P> Thu, 07 Feb 2019 18:28:06 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-0-357-patch-5-cve-2018-15459-cscvi44041/m-p/3797099#M485407 Andrii Oliinyk 2019-02-07T18:28:06Z https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-0-357-patch-5-cve-2018-15459-cscvi44041/m-p/3801164#M485410 <P>To close the loop on this, the RNs have been updated to reflect fix for <SPAN style="caret-color: #000000; color: #000000; font-family: Calibri, sans-serif; font-size: 14.666666984558105px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; display: inline !important; float: none;">CSCvi44041</SPAN>. Thank you.</P> Wed, 13 Feb 2019 16:58:55 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-0-357-patch-5-cve-2018-15459-cscvi44041/m-p/3801164#M485410 howon 2019-02-13T16:58:55Z