CVE-2021-40121

Published: Oct 21, 2021Modified: Nov 21, 2024

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Affected (26)

Products: Cisco: Identity Services Engine

Cisco

1 product

Identity Services Engine

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Cisco Identity Services Engine	Up to 2.6
Cisco Identity Services Engine	Version 2.6.0
Cisco Identity Services Engine	Version 2.6.0 patch1
Cisco Identity Services Engine	Version 2.6.0 patch2
Cisco Identity Services Engine	Version 2.6.0 patch3
Cisco Identity Services Engine	Version 2.6.0 patch5
Cisco Identity Services Engine	Version 2.6.0 patch6
Cisco Identity Services Engine	Version 2.6.0 patch7
Cisco Identity Services Engine	Version 2.6.0 patch8
Cisco Identity Services Engine	Version 2.6.0 patch9
Cisco Identity Services Engine	Version 2.6(0.156)
Cisco Identity Services Engine	Version 2.6(0.999)
Cisco Identity Services Engine	Version 2.7.0
Cisco Identity Services Engine	Version 2.7.0 patch1
Cisco Identity Services Engine	Version 2.7.0 patch2
Cisco Identity Services Engine	Version 2.7.0 patch3
Cisco Identity Services Engine	Version 2.7.0 patch4
Cisco Identity Services Engine	Version 2.7
Cisco Identity Services Engine	Version 2.7(0.207)
Cisco Identity Services Engine	Version 2.7(0.356)
Cisco Identity Services Engine	Version 2.7(0.356)
Cisco Identity Services Engine	Version 2.7(0.903)
Cisco Identity Services Engine	Version 3.0.0
Cisco Identity Services Engine	Version 3.0.0 patch1
Cisco Identity Services Engine	Version 3.0.0 patch2
Cisco Identity Services Engine	Version 3.0(0.458)

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.