Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1055
Views
35
Helpful
3
Replies

Cisco ISE 2.4.0.357 patch 5 CVE-2018-15459 CSCvi44041

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight

‎02-07-2019 01:49 AM - edited ‎02-07-2019 01:57 AM

Hello Gentlemen

I have ISE-cube 2.4.0.357 patch 5 & CVE-2018-15459 (bug id CSCvi44041).

& i have something mutually exclusive on this vulnerability. specifically https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege states that vulnerability is fixed in 2.4 patch 2, BUT 2.4 RNs https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html doesnt confirm previous to be true. So which document must be trusted & is there any patch|hotfix for this vulnerability?

Clarification on this question is highly appreciated :0)

1 person had this problem
2 Accepted Solutions

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎02-07-2019 09:19 AM

It is fixed with patch2 for 2.4 release. Looks like this defect was never added to any of the release notes as it was fixed for older versions as well. I will work with document team on why that is. Thanks for bringing this to our attention.

View solution in original post

Go to solution
howon
Cisco Employee
Cisco Employee
In response to andy!doesnt!like!uucp

‎02-13-2019 08:58 AM

To close the loop on this, the RNs have been updated to reflect fix for CSCvi44041. Thank you.

View solution in original post

3 Replies 3

Go to solution
howon
Cisco Employee
Cisco Employee

‎02-07-2019 09:19 AM

It is fixed with patch2 for 2.4 release. Looks like this defect was never added to any of the release notes as it was fixed for older versions as well. I will work with document team on why that is. Thanks for bringing this to our attention.

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight
In response to howon

‎02-07-2019 10:28 AM

10x buddy

have a nice day

Go to solution
howon
Cisco Employee
Cisco Employee
In response to andy!doesnt!like!uucp

‎02-13-2019 08:58 AM

To close the loop on this, the RNs have been updated to reflect fix for CSCvi44041. Thank you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents