SecurityTracker.com
Category:   Device (Embedded Server/Appliance)  >   Cisco Identity Services Engine
Vendors:   Cisco
Cisco Identity Services Engine Multiple Bugs Let Local Users Deny Service, Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks, and Let Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1040471
SecurityTracker URL:  http://securitytracker.com/id/1040471
CVE Reference:   CVE-2018-0211, CVE-2018-0212, CVE-2018-0213, CVE-2018-0214, CVE-2018-0215, CVE-2018-0216, CVE-2018-0221
Date:  Mar 8 2018
Impact:   Denial of service via local system, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Cisco Identity Services Engine. A remote user can conduct cross-site request forgery attacks. A local user can cause denial of service conditions on the target system. A remote authenticated user can gain elevated privileges. A remote user can conduct cross-site scripting attacks.

A local user with administrative privileges can supply a specially crafted command line interface (CLI) command to trigger an input validation flaw and cause denial of service conditions on the target system [CVE-2018-0211]. A manual reboot is required to return the system to normal operations.

The web-based management interface does not properly filter HTML code from user-supplied input before displaying the input [CVE-2018-0212]. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the Cisco Identity Services Engine interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote authenticated user can send a specially crafted HTTP request to trigger an input validation flaw and reset credentials on the target system [CVE-2018-0213].

A local user can supply a specially crafted CLI command to trigger an input validation flaw and execute arbitrary commands on the host operating system with the privileges of the local user [CVE-2018-0214].

A remote user can create a specially crafted HTML page or URL that, when loaded by the target authenticated user, will take actions on the target web-based management interface acting as the target user [CVE-2018-0215, CVE-2018-0216].

A local user with administrator privileges can supply a specially crafted CLI configuration command to inject underlying operating system commands or cause the user session to hang or disconnect [CVE-2018-0221].

The vendor has assigned Bug IDs CSCvf63414, CSCvh51992, CSCvf69963, CSCvf69753, CSCvf49844, CSCuv32863, CSCvf69805, and CSCvg95479 to these vulnerabilities.

Impact:   A remote user can take actions on the target system acting as the target authenticated user.

A local user can cause denial of service conditions on the target system.

A remote authenticated user can gain elevated privileges on the target system.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Cisco Identity Services Engine interface, access data recently submitted by the target user via web form to the interface, or take actions on the interface acting as the target user.

Solution:   The vendor has issued a fix.

The vendor advisories are available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise5
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise6

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise
Cause:   Access control error, Input validation error

Message History:   None.



Copyright 2018, SecurityGlobal.net LLC