cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

418
Views
25
Helpful
3
Replies
Beginner

Cisco ISE 2.4.0.357 patch 5 CVE-2018-15459 CSCvi44041

Hello Gentlemen

I have ISE-cube 2.4.0.357 patch 5 & CVE-2018-15459 (bug id CSCvi44041).

& i have something mutually exclusive on this vulnerability. specifically https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege states that vulnerability is fixed in 2.4 patch 2, BUT 2.4 RNs https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html doesnt confirm previous to be true. So which document must be trusted & is there any patch|hotfix for this vulnerability?

Clarification on this question is highly appreciated :0)

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Cisco ISE 2.4.0.357 patch 5 CVE-2018-15459 CSCvi44041

It is fixed with patch2 for 2.4 release. Looks like this defect was never added to any of the release notes as it was fixed for older versions as well. I will work with document team on why that is. Thanks for bringing this to our attention.

Cisco Employee

Re: Cisco ISE 2.4.0.357 patch 5 CVE-2018-15459 CSCvi44041

To close the loop on this, the RNs have been updated to reflect fix for CSCvi44041. Thank you.

3 REPLIES 3
Cisco Employee

Re: Cisco ISE 2.4.0.357 patch 5 CVE-2018-15459 CSCvi44041

It is fixed with patch2 for 2.4 release. Looks like this defect was never added to any of the release notes as it was fixed for older versions as well. I will work with document team on why that is. Thanks for bringing this to our attention.

Highlighted
Beginner

Re: Cisco ISE 2.4.0.357 patch 5 CVE-2018-15459 CSCvi44041

10x buddy

have a nice day

Cisco Employee

Re: Cisco ISE 2.4.0.357 patch 5 CVE-2018-15459 CSCvi44041

To close the loop on this, the RNs have been updated to reflect fix for CSCvi44041. Thank you.