cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

312
Views
1
Helpful
4
Replies
rwehe
Cisco Employee

ISE CVEs

Hi ISE Experts,

I have a question about several CVEs that affect ISE and I'm wondering if you can make a comment as to what versions of ISE these will be patched in. The CVEs all show "No workarounds available" and we're hoping to get a little more concrete information about these bugs.

  • CVE-2018-0211
  • CVE-2018-0212
  • CVE-2018-0213
  • CVE-2018-0214
  • CVE-2018-0215
  • CVE-2018-0216
  • CVE-2018-0221
1 ACCEPTED SOLUTION

Accepted Solutions
Timothy Abbott
Cisco Employee

Hi,

Save for a couple, a fix is pending release.   Unfortunately, I don't have a time table for when the fixes will be released.  Please see below:

  • CVE-2018-0211 (pending release)
  • CVE-2018-0212 (fixed in 2.2 p6)
  • CVE-2018-0213 (pending release)
  • CVE-2018-0214 (pending release)
  • CVE-2018-0215 (fixed in 2.3)
  • CVE-2018-0216 (pending release)
  • CVE-2018-0221 (pending release)

Regards,

-Tim

View solution in original post

4 REPLIES 4
Timothy Abbott
Cisco Employee

Hi,

Save for a couple, a fix is pending release.   Unfortunately, I don't have a time table for when the fixes will be released.  Please see below:

  • CVE-2018-0211 (pending release)
  • CVE-2018-0212 (fixed in 2.2 p6)
  • CVE-2018-0213 (pending release)
  • CVE-2018-0214 (pending release)
  • CVE-2018-0215 (fixed in 2.3)
  • CVE-2018-0216 (pending release)
  • CVE-2018-0221 (pending release)

Regards,

-Tim

View solution in original post

hslai
Cisco Employee

ISE 2.4 FCS have all these addressed.

rwehe
Cisco Employee

Would it be possible to get these listed in the ISE 2.4 Resolved Caveats section?

hslai
Cisco Employee

I've forwarded your request.

Meanwhile, for those resolved in ISE 2.4 should already have the FCS build number listed under known fixed releases in Cisco Bug Search Tool.

Content for Community-Ad