cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
485
Views
0
Helpful
4
Replies

CSCwh70696 - Cisco ISE Stored Cross-Site Scripting Vulnerability

adeelshahzad
Level 1
Level 1

Dear All,

Recently, there is a vulnerability found called cross-site scripting(CVE-2024-20251) in ISE and as per cisco article fixed release is mentioned below which is little confusing about the fixed version. For instance, who has 2.7 version so which version has vulnerability fix that is not clearly mentioned in below table.

Can someone address the same and mentioned the version which has the vulnerability fix for version 2.7.  Since in below table simply mentioned "Migrate to a fixed release" for 2.7 and 3.0 but which version has to migrate its no mentioned.

May be, I have missed something. Appreciate if someone can elaborate. Thanks.

Cisco ISE Release First Fixed Release

2.7 and earlier

Migrate to a fixed release.

3.0

Migrate to a fixed release.

3.1

3.1P8

3.2

3.2P5 (Mar 2024)

3.3

3.3P1

4 Replies 4

marce1000
VIP
VIP

 

 - As for the older releases 2.7 and 3.0 ; fix  was probably still in development ; the full bug report seems rather clear 
 https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh70696

        Known Fixed Releases (2 of 2)

           3.3.0.430-Patch1
           3.1.0.518-Patch8

           So that implies that there is no fix within  the 2.7 (EOL by the way) and the 3.0 train
 
 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hi Marce,

Thank you.

Migrate to fixed release means they are not planning to patch those versions as they are end of support, so to get the fix you would need to upgrade to at least 3.1 or higher.

Hi Dustin,

Thank you.