Cisco Identity Services Engine Arbitrary File Upload Vulnerability
TL;DR 📌
A medium-severity vulnerability has been identified in the Cisco Identity Services Engine (ISE) that allows authenticated attackers with administrative privileges to upload arbitrary files. No workarounds are available, and software updates have been released to address this issue.
What happened 🕵️♂️
A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability arises from improper validation of the file copy function, enabling attackers to exploit it by sending a crafted file upload through the Cisco ISE GUI. A successful exploit could lead to arbitrary file uploads on the affected system.
Affected products 🖥️
The vulnerability affects all versions of Cisco ISE, regardless of device configuration. Specifically, the following releases are impacted:
- Cisco ISE 3.1 and earlier
- Cisco ISE 3.2
- Cisco ISE 3.3
Cisco ISE 3.4 is not vulnerable.
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 3.1 and earlier | 3.1 P10 | |
| 3.2 | 3.2 P7 | |
| 3.3 | 3.3 P3 | |
| 3.4 | Not vulnerable | |
| 1.1 | Clarified that the vulnerability occurs in the GUI. | |
| 1.0 | Initial public release. | |
| Cisco ISE | 3.1 P10 | 3.1 and earlier |
| Cisco ISE | 3.2 P7 | 3.2 |
| Cisco ISE | 3.3 P3 | 3.3 |
Workarounds 🧯
There are no workarounds that address this vulnerability.
Risk in context 🎯
The vulnerability has a CVSS score of 4.9, categorizing it as Medium severity. While the risk of exploitation is limited to authenticated users with administrative privileges, the potential for arbitrary file uploads poses a significant security risk. Organizations should prioritize updating their systems to mitigate this vulnerability.
Fast facts ⚡
- Vulnerability: Arbitrary File Upload in Cisco ISE
- CVSS Score: 4.9 (Medium)
- Exploitation: Requires authenticated administrative access
- Workarounds: None available
- Fixed Releases: Available for affected versions
For leadership 🧭
This vulnerability in Cisco Identity Services Engine (ISE) has a Medium risk rating (CVSS 4.9). It requires authenticated administrative access for exploitation, limiting exposure primarily to internal threats. However, the ability to upload arbitrary files could lead to significant security breaches if exploited.
Remediation ask: Patch affected systems within 7 days using the fixed releases provided.
Operational impact: Expect a brief maintenance window with no configuration drift anticipated.
Now / Next / Later:
- Now: Identify affected Cisco ISE versions in your environment.
- Next: Schedule and apply the necessary software updates.
- Later: Monitor for any signs of exploitation and review access controls for administrative accounts.