Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
634
Views
0
Helpful
1
Replies

CSCvg95479 - Cisco Identity Services Engine Command Injection to Underlying OS Vulnerability

aniketalashe
Level 1
Level 1

‎03-07-2018 06:09 PM - edited ‎03-20-2019 09:57 PM

Hi,

 

Does this BUG also affect ISE virtual appliance. Although it states that the BUG is fixed, but there is no mention of specific version or patch in which the BUG is fixed.

 

Can anyone help with additional information.

 

Rgds,

Aniket

6 people had this problem
Labels:
0 Helpful
1 Reply 1

Johannes Luther
Level 4
Level 4

‎05-10-2018 11:30 PM

Hi,

from my understanding, the platform is not relevant for ISE application related SAs.

If there is a vulnerability in Windows, Linux or a database application, it doesn't matter if it runs on a VM or not. If there is a vulnerability in the CIMC or BIOS of the ISE (UCS part of the system), it's another thing.

 

Regarding the other complains:

>> Although it states that the BUG is fixed, but there is no mention of specific version or patch in which the BUG is fixed.

 

This was and is currently most always the case with the bug toolkit. The product, fixed and affected information is typically useless, UNLESS the specific release you are interested in is listed there.

Missing or inaccurate information is unfortunately a default in the bug toolkit. Sorry :)

 

Some of the issues are marked as fixed, because these are fixed in the Cisco code repository, but NOT in a published release.

 

If you want detailed information whether you are affected by a bug or SA, my advise is to open a TAC case!

0 Helpful
Customers Also Viewed These Support Documents