02-07-2019 01:49 AM - edited 02-07-2019 01:57 AM
Hello Gentlemen
I have ISE-cube 2.4.0.357 patch 5 & CVE-2018-15459 (bug id CSCvi44041).
& i have something mutually exclusive on this vulnerability. specifically https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege states that vulnerability is fixed in 2.4 patch 2, BUT 2.4 RNs https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html doesnt confirm previous to be true. So which document must be trusted & is there any patch|hotfix for this vulnerability?
Clarification on this question is highly appreciated :0)
Solved! Go to Solution.
02-07-2019 09:19 AM
It is fixed with patch2 for 2.4 release. Looks like this defect was never added to any of the release notes as it was fixed for older versions as well. I will work with document team on why that is. Thanks for bringing this to our attention.
02-13-2019 08:58 AM
To close the loop on this, the RNs have been updated to reflect fix for CSCvi44041. Thank you.
02-07-2019 09:19 AM
It is fixed with patch2 for 2.4 release. Looks like this defect was never added to any of the release notes as it was fixed for older versions as well. I will work with document team on why that is. Thanks for bringing this to our attention.
02-07-2019 10:28 AM
10x buddy
have a nice day
02-13-2019 08:58 AM
To close the loop on this, the RNs have been updated to reflect fix for CSCvi44041. Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide