Uncredential scan on Cisco ISE - Nessus Scanner

Lyn17 · ‎04-13-2023

Hi everyone,

I just upgraded our ISE from 3.1 to 3.2. Before the upgrade, I'm able to scan get a credential scan using a domain user account on ISE with ACAS. However, after the upgrade, I'm no longer able to get a credential scan using the same domain user account. I already have a ticket open with TAC, but I'm just checking if anyone here have had the same issue and was able to resolve it.

Thanks in advanced.

marce1000 · ‎04-13-2023

- Check ISE logs related to the credential scan process (e.g.) ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

ahollifield · ‎04-13-2023

Why do you wish to do this? ISE is a hardened appliance based on Linux but its shell is not a normal Linux shell.

Lyn17 · ‎04-13-2023

We need it for DoD compliance. Our cyber and validator need to have the nessus scan files for the ISE servers.

ahollifield · ‎04-14-2023

What are they looking to find?

Lyn17 · ‎04-17-2023

Vulnerabilities and/or bug such as CSCwd51409. There was a vulnerability (medium) on ISE that's the reason why I upgrade to 3.2 Patch 1 to resolve it. Unfortunately, after the upgrade, the CLI join domain was broken and I can no longer do a credential scan our 2 ISE nodes.

hslai · ‎04-15-2023

Likely CSCwd51409, which is resolved in ISE 3.2 Patch 1.