02-07-2019 01:49 AM - edited 02-07-2019 01:57 AM
Hello Gentlemen
I have ISE-cube 2.4.0.357 patch 5 & CVE-2018-15459 (bug id CSCvi44041).
& i have something mutually exclusive on this vulnerability. specifically https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege states that vulnerability is fixed in 2.4 patch 2, BUT 2.4 RNs https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html doesnt confirm previous to be true. So which document must be trusted & is there any patch|hotfix for this vulnerability?
Clarification on this question is highly appreciated :0)
Solved! Go to Solution.
02-07-2019 09:19 AM
It is fixed with patch2 for 2.4 release. Looks like this defect was never added to any of the release notes as it was fixed for older versions as well. I will work with document team on why that is. Thanks for bringing this to our attention.
02-13-2019 08:58 AM
To close the loop on this, the RNs have been updated to reflect fix for CSCvi44041. Thank you.
02-07-2019 09:19 AM
It is fixed with patch2 for 2.4 release. Looks like this defect was never added to any of the release notes as it was fixed for older versions as well. I will work with document team on why that is. Thanks for bringing this to our attention.
02-07-2019 10:28 AM
10x buddy
have a nice day
02-13-2019 08:58 AM
To close the loop on this, the RNs have been updated to reflect fix for CSCvi44041. Thank you.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: