Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities

🚨 SEVERITY: MEDIUM — CVSS 5.4 Security Advisory

TL;DR 📌

Multiple vulnerabilities have been identified in the Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). These vulnerabilities could allow an authenticated, remote attacker to disclose sensitive information or conduct reflected cross-site scripting (XSS) attacks. Cisco has released software updates to address these issues, but no workarounds are available.

What happened 🕵️‍♂️

Cisco has disclosed multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). These vulnerabilities stem from insufficient validation of user-supplied input and improper data protection mechanisms in the web-based management interface. Attackers with authenticated access could exploit these vulnerabilities to execute arbitrary scripts or access sensitive information.
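The advisory attributes the reflected XSS to insufficient validation of user-supplied input in the web-based management interface. The following is an added illustration (not Cisco ISE code, and unrelated to how the ISE interface is implemented) of that vulnerability class: a page renderer that reflects a request parameter verbatim, beside the same renderer with context-aware output encoding and defense-in-depth headers. The handler names and the parameter name "q" are assumptions.

```python
import html
from urllib.parse import parse_qs

# Added example, not Cisco ISE code: a minimal page renderer that reflects a
# request parameter into HTML. The handler names and the parameter name "q"
# are assumptions chosen for illustration.

def reflected_value(query_string: str) -> str:
    """Extract the first 'q' value from a raw query string (empty if absent)."""
    return parse_qs(query_string, keep_blank_values=True).get("q", [""])[0]

def render_unsafe(query_string: str) -> str:
    """Vulnerable pattern: the parameter is interpolated verbatim, so any
    markup carried in the request becomes markup in the response."""
    return f"<p>Results for: {reflected_value(query_string)}</p>"

def render_hardened(query_string: str) -> str:
    """Hardened pattern: the value is encoded for an HTML text context, so
    '<', '>', '&' and quotes reach the browser as literal characters."""
    encoded = html.escape(reflected_value(query_string), quote=True)
    return f"<p>Results for: {encoded}</p>"

def hardened_headers() -> dict:
    """Defense-in-depth headers that limit the impact if an encoding gap is
    ever missed: scripts only from the same origin, no MIME sniffing."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }

# Constructed request: a query string whose value carries HTML markup.
CONSTRUCTED_QUERY = "q=<b>test</b>"

if __name__ == "__main__":
    print(render_unsafe(CONSTRUCTED_QUERY))    # markup survives into the page
    print(render_hardened(CONSTRUCTED_QUERY))  # markup is neutralised
```

Output encoding must match the context the value lands in (HTML text, attribute, URL, JavaScript); `html.escape` covers the text and attribute cases shown here, and the CSP header is a backstop rather than a substitute for encoding.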

Affected products 🖥️

  • Cisco Identity Services Engine (ISE)
  • Cisco ISE Passive Identity Connector (ISE-PIC)

Fixed software 🔧

Upgrade to the first fixed release in your train (or later):

Release / Product       First Fixed Release          Notes
3.1 and earlier                                      Migrate to a fixed release.
3.2                     3.2 Patch 8 (Dec 2025)
3.3                     3.3 Patch 8 (Nov 2025)
3.4                     3.4 Patch 2
3.5                                                  Not vulnerable.

Advisory revision history: 1.0, initial public release.

Product                 First Fixed Release          Release
Cisco ISE               3.2 Patch 8 (Dec 2025)       3.1 and earlier
Cisco ISE               3.3 Patch 8 (Nov 2025)       3.2
Cisco ISE               3.4 Patch 2                  3.3
Cisco ISE               3.4 Patch 4                  3.4
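To turn the fixed-release table into a repeatable check across an ISE estate, the following added example (not Cisco code or tooling) parses version strings from an inventory and classifies each host against the per-train first-fixed patch levels listed in the first table above (3.2 Patch 8, 3.3 Patch 8, 3.4 Patch 2). The version-string format it accepts ("3.2 Patch 8", optionally with extra numeric components such as "3.4.0.608 Patch 1"), the host names and the inventory itself are assumptions constructed for the demonstration.

```python
import re

# Added example, not Cisco code. Patch levels come from the fixed software
# table above; the version-string format and the inventory are assumptions.
FIRST_FIXED_PATCH = {
    (3, 2): 8,   # 3.2 Patch 8
    (3, 3): 8,   # 3.3 Patch 8
    (3, 4): 2,   # 3.4 Patch 2
}
NOT_VULNERABLE_TRAINS = {(3, 5)}
MIGRATE_BELOW = (3, 2)   # 3.1 and earlier: no patch, migrate to a fixed release

# Accepts "MAJOR.MINOR", optional extra numeric components, optional "Patch N".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.\d+)*(?:\s+Patch\s+(\d+))?\s*$", re.IGNORECASE
)

def parse_version(text: str) -> tuple:
    """Return (major, minor, patch); a missing 'Patch N' suffix counts as patch 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def status(version_text: str) -> str:
    """Classify one version against the advisory's fixed-release table."""
    major, minor, patch = parse_version(version_text)
    train = (major, minor)
    if train in NOT_VULNERABLE_TRAINS:
        return "not_vulnerable"
    if train < MIGRATE_BELOW:
        return "migrate"
    if train in FIRST_FIXED_PATCH:
        return "fixed" if patch >= FIRST_FIXED_PATCH[train] else "vulnerable"
    return "unknown"   # train not covered by the table; consult the advisory

def triage(inventory: dict) -> dict:
    """Map each host to its status; unparsable strings are reported, not skipped."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = status(version_text)
        except ValueError:
            result[host] = "unparsable"
    return result

# Constructed inventory for demonstration; host names and versions are made up.
CONSTRUCTED_INVENTORY = {
    "ise-pan-01": "3.2 Patch 7",
    "ise-pan-02": "3.3 Patch 8",
    "ise-psn-01": "3.4.0.608 Patch 1",
    "ise-pic-01": "3.1 Patch 9",
    "ise-lab-01": "3.5",
    "ise-old-01": "ISE 2.7",
}

if __name__ == "__main__":
    for host, verdict in triage(CONSTRUCTED_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Hosts reported as "unknown" or "unparsable" deserve a manual look rather than being assumed safe, and the table should be re-checked against the current version of the advisory before acting on its output.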

Workarounds 🧯

There are no workarounds available for these vulnerabilities.

Risk in context 🎯

The highest CVSS score for these vulnerabilities is 5.4, indicating a Medium severity level. The vulnerabilities require authenticated access, but they could lead to significant information disclosure and potential exploitation through reflected XSS attacks. Organizations using affected products should prioritize upgrading to fixed software versions to mitigate risks.

Fast facts ⚡

  • Vulnerabilities: Reflected XSS and information disclosure.
  • CVSS Score: Highest is 5.4 (Medium).
  • Exploitation: Requires authenticated access.
  • Workarounds: None available.
  • Fixed Software: Available in upcoming patches.

For leadership 🧭

Cisco has identified multiple vulnerabilities in the Identity Services Engine (ISE) that pose a Medium risk (CVSS score of 5.4). These vulnerabilities require authenticated access, allowing potential attackers to execute scripts or disclose sensitive information. Immediate remediation is necessary, with a recommendation to patch within the next 7 days as fixes are available in upcoming releases.

Operational impact is minimal, requiring a brief maintenance window with no expected configuration drift.

Now: Review affected systems and plan for patching.
Next: Schedule updates for the fixed software releases.
Later: Monitor for any further advisories or updates from Cisco regarding these vulnerabilities.