CSCvm71860 - Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability

AustinHarsh2908
Level 1

There isn't a patch out for this yet, right? ISE 2.4 Patch 8 I think is version 2.4(0.904), correct? I'm getting that from the bundle name: ise-patchbundle-2.4.0.357-Patch8-19041200.SPA.x86_64.tar.gz, but I don't know, since it's kind of right in the middle of it. Will a yet-to-be-released patch 9 be version 2.4(0.906)?

It would be nice if the bug report listed patch numbers along with the version, or if the patches more clearly reflected which version ISE will be at once they are installed.

3 Replies

user101111
Level 1

Did you ever get an answer to this? I'm wondering the same thing.

This bug was noted as resolved in the release notes for ISE 2.4(0.357) Patch 6, so any patch after that, such as Patch 7-9, will also include this fix.

ISE 2.4(0.357) Release Notes

Resolved Caveats in Cisco ISE Release 2.4.0.357 - Cumulative Patch 6

The following table lists the resolved caveats in Release 2.4 cumulative patch 6.

Patch 6 might not work with older versions of SPW. MAC users must upgrade their SPW to MACOSXSPWizard 2.2.1.43 or later, and Windows users must upgrade their SPW to WinSPWizard 2.2.0.53 or later.

Caveat ID Number  Description

CSCux55288  Guest remember-me breaks ISE Guest Activity Logging
CSCuy41309  ISE 2.x Unable to delete endpoint from endpoint group
CSCuz00603  Unable to add duplicated mappings to multiple SXP VPNs
CSCvb17967  ISE fails to read response from MDM with special characters
CSCvb45390  Collection Filters configured with User name is not working for TACACS Author/Acct
CSCvc06629  [ISE] SMS notifications in non-English containing <BR> HTML tag
CSCvd79952  EasyConnect CoA not sent after session merge in distributed deployment
CSCvf03310  ISE email notifications to guests sends twice email for approval and guest user
CSCvf19364  ISE 2.2 no patch, SXP process fails when trying to create network subnet static mapping
CSCvf30591  ISE 2.2: Disabled password Lifetime, however getting reminder for account expiration.
CSCvf75225  ISE 2.1-P3 || high CPU seen in PAN due to 100K limit in redis
CSCvg86743  Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
CSCvh09779  ISE 2.x TACACS log extremely slow
CSCvh11308  Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability
CSCvh19430  ISE 2.x : Guest account activation time discrepancy for imported accounts
CSCvh31565  ISE fails to re-establish TCP syslog connection after break in connectivity
CSCvh54905  Identity Admin cannot see users under Identities tab
CSCvh83222  ISE: Need a report/dashboard for total unique endpoints
CSCvh91118  Flexibility needed to choose the time intervals in disclosing the user name for failed auth
CSCvh97544  Short CPU spikes can be observed when client didnt respond and ISE is used as RADIUS Proxy
CSCvi21043  Library conds referrred in policies are getting deleted; evaluation is giving deny access
CSCvi23542  Unexpectedly error during stress authentications : RPC Logon request failed - STATUS_ACCESS_DENIED
CSCvi30462  Bulk guest import does not work using when logged into sponsor portal using SAML provider,
CSCvi37480  SNMPv3 COA failures on ISE using HP switches
CSCvi41678  Endpoint Attributes not updated in context visibility
CSCvi42404  validDays does not match span of fromDate to toDate for ERS created guests
CSCvi43687  ISE 2.2 Endpoint export may contain duplicate entries
CSCvi48298  Policy Hit count value gets nullified while click on REFRESH button.
CSCvi50320  EST Service not running owhen ISE iseca folder missing
CSCvi61204  ISE 2.1 Endpoint Purge policy is matched but job halts during execution.
CSCvi67780  ISE Internal CA : SAN ext validation fails if it isn't the first entry in RequestedExtensions in CSR
CSCvi68271  ERS API get all endpoints not returning description field as stated in documentation
CSCvi97332  Unsupported character Backslash has to be added to the UI error message while creation of admin user
CSCvi99561  AC 4.6 Application enforcement is not working for Torrent
CSCvj01047  Password length limitation when adding DC's in the PassiveID section of 32 characters.
CSCvj05563  Cannot delete security groups having virtual network mapping
CSCvj24095  Unknown Radius Flow is set to RadiusFlowType when updating ExternalIdStoreDictionary
CSCvj25696  User customer attributes order doesn't change after drag drop and save.
CSCvj31243  ISE 2.3 AD Group SID Update fails for Groups referenced in the policies
CSCvj50257  Active endpoints are mismatched from expected value
CSCvj57593  SNMP CoA is not sending correct SNMP traps
CSCvj62592  Cisco Identity Services Engine (ISE) Java Deserialization Vulnerability
CSCvj62599  Cisco Identity Service Engine (ISE) unsafe deserialization in Adobe Action Message Format (AMF)
CSCvj62614  Cisco Identity Services Engine (ISE) File Upload Code Execution Vulnerability
CSCvj63376  ISE 2.2 VPN MDM- Compliance not updated from MDM Compliance Checker for active session
CSCvj64763  DNAC-ISE:Pxgrid failover fails with 2.4 patch1 with DNAC - ISE Integration
CSCvj65552  ISE 2.4 Backup Input Validation does not occur on backup name characters
CSCvj67414  ISE HSTS Max-Age parameter is too agressive no includedDomains flag
CSCvj72699  ISE stops publishing SXP mapping
CSCvj73152  Enable VLAN DHCP release breaks guest flow for ISE 2.4
CSCvj77878  pxgrid: XMPP Cleartext Authentication
CSCvj92976  ISE : Incomplete error message while importing an icon under Network Device Profiles
CSCvj95709  Enable pxGrid in FIPS mode
CSCvj99698  Guest password is not reset if Sponsor does not have rights to view the Guest Password
CSCvk01682  ISE allows importing multiple instances of same language in portal setup
CSCvk04424  Changed name for My Reports against Policy Set match removes the delete option from My Reports
CSCvk10156  RBAC SuperAdmin Data Access over written by read-only data access for Network Device Groups
CSCvk13724  EPG mappings not created on ISE
CSCvk23161  ISE stops responding to TACACS requests.
CSCvk23532  Remove GMT portion from $ui_start_date_time$ and $ui_end_date_time$ on Email Notifications
CSCvk27295  NMAP fails to execute when an EP matches a Admin Created profiling policy
CSCvk28847  ISE sponsor's e-mail shoud not be in CC when view/print guests' passwords is disabled
CSCvk34232  Posture remediation files are limited to 50MB
CSCvk38374  ISE 2.4 Sponsor-Group OWN_ACCOUNTS email association
CSCvk39421  ISE offline profiler feed service unavailable 17/07/18
CSCvk40105  Editing guest user throws pop up error when creating with java scripts in first and last name
CSCvk48315  Live sessions are not seen in ISE Live logs page in ISE 2.4
CSCvk51906  DST changes are not honored by the shift job which is causing the data movement issues on MNT nodes
CSCvk55285  ISE doesn't validate the data type date in the custom endpoint attribute
CSCvk58134  SAML authentication is showing wrong Identity store in Sponsor Login and Audit report
CSCvk59357  Admin warned of license non-compliance even after adding new licenses
CSCvk65898  ISE 2.4 : Social Login e2e flow fails due to recent changes done on Facebook side
CSCvk68196  SNMPv3 profiling works only with DES or AES128 privacy protocol
CSCvk70087  SecureSyslogCollectors should be disabled by default on remote log targets.
CSCvk71816  ISE ADE-OS - when trying to change timezone there should be a warning stated it is not supported
CSCvk72606  ISE- Can login to GUI with disabled admin accounts.
CSCvk74190  Radius Token Identity Caching Timeout not Configurable
CSCvm00127  ISE sponsor email customization doesn't add image properly
CSCvm03842  PxGrid SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection - CVE-2009-3555
CSCvm09377  HTTP Request Header for ISE fails if it contains @ in email
CSCvm09493  ISE 2.4 | Unable to save multiple custom attributes at once
CSCvm11230  Customer sees no data available for this record for "Details" page in Live Logs
CSCvm12105  ISE 2.3 not hitting policy with Session BYOD-Apple-MiniBrowser-Flow condition
CSCvm12281  ISE 2.3 Context Visibility Authentication Policy column is blank.
CSCvm12443  ISE should not send alarm for 'ERS-Media-Type' not present in ERS header
CSCvm14030  Evaluation of positron for Struts remote code execution vulnerability August 2018
CSCvm15059  ISE 2.1+ : Identity Source Sequence info button information is wrong for Sponsor Portal
CSCvm16060  Cannot Disable Telnet Change Password
CSCvm16523  ISE 2.3 to 2.4 upgrade is failing with error "nodes are not on the same ISE patch version"
CSCvm16952  Oracle Security Alert Advisory - CVE-2018-3110
CSCvm20561  ISE 2.x || Cisco-Device profiler policy missing the tandberg OUI as a condition
CSCvm21147  ISE: After upgrading to ISE 2.4 schedule backup are not working.
CSCvm22262  AMQP Cleartext Authentication Vulnerability
CSCvm26334  Endpoints not re-profiled after config restore and import new profiles
CSCvm27249  PassiveID Probe hprof files in temp folder
CSCvm29583  ISE AD lookup broken due to non-whitelisted domain lookup failing
CSCvm31919  IE11 : Trash icon linked to MAC address search box in Context Visibility
CSCvm32107  Unable to delete Root Network Device Group
CSCvm32303  Rest API- Unable to retrieve Guest User Details using ToDate filters
CSCvm33217  AD groups with more than one space doesn't allow authZ policy to be saved
CSCvm33673  Difference between Oracle and ES in terms of description
CSCvm34694  Newly created Network Device Model Name and Software Version are not present in GUI
CSCvm39902  Maintain Connectivity During Reauthentication option not working
CSCvm39909  Live log detailed reports shows msec instead of seconds for session timeout
CSCvm41485  ISE 2.3 : Unable to access NFS repository and scheduled reports not working using NFS respository
CSCvm41759  'Error 400' after pressing Sing Out on the Manage Guest Accounts page.
CSCvm45072  OWASP ZAP reports Cross Site Scripting (DOM Based) on pxGrid Web application
CSCvm45330  pxGrid cert change causing onAuthzRequest DENIED
CSCvm45941  ISE 2.4 not sending "Framed-IP-Address" attribute in profile when using leading zero
CSCvm47317  30+ GB files left behind after successful ISE 2.4 upgrade
CSCvm47507  Changes made in allowed protocols is missing in change configuration audit reports
CSCvm47638  ISE-secondary node doesnt send COA when guest account gets suspended or deleted
CSCvm48075  Manual CoA fails from Context Visibility if user never accesses Live logs or Live Sessions prior
CSCvm49084  ISE PB portal files are not restored with a restore of an old backup
CSCvm49503  WasMachineAuthenticated EQUALS False No Longer Parsed in Runtime--ISE 2.4
CSCvm57650  BYOD TLS not working for IOS 12 FCS release
CSCvm61134  SXP debug logs are not dumped in sxp.log unless services are restarted
CSCvm62783  'EST-CSR-Request' dictionary condition does not work
CSCvm62862  Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability
CSCvm66696  ISE 2.4 Conditional CoA failure upon EndPoint Identity Group change
CSCvm66751  Guest AUP: AUP acceptance is triggering replication event
CSCvm67561  Accounting messages from ASR1K not saved and not shown in ISE Reports
CSCvm69965  Chrome:Cannot create new ByoD portal
CSCvm70470  Max Sessions" value can not be applied on GUI after applying 2.2p10 or 2.3p4
CSCvm71860  Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability

We are running on 2.4 Patch 8 and 10, and still having the slow TACACS response from a PSN. Any known solution yet?