Cisco has recently announced that Cisco ISE vulnerabilities are likely to be chained in a one-click exploit.
(https://www.securityweek.com/cisco-ise-vulnerabilities-can-be-chained-one-click-exploit)
The vulnerabilities, along with their descriptions and CVSS Base Scores, are summarized in the list below.
- CVE-2022-20964: Cisco Identity Services Engine tcpdump Feature Command Injection Vulnerability
  A command injection bug in ISE’s web-based management interface tcpdump feature.
  CVSS Base Score: 6.3
- CVE-2022-20959: Cisco Identity Services Engine Cross-Site Scripting Vulnerability
  XSS flaw in ISE that Cisco patched in October.
  CVSS Base Score: 6.1
- CVE-2022-20965: Cisco Identity Services Engine Access Bypass Vulnerability
  An access bypass in the web-based management interface.
  CVSS Base Score: 4.3
- CVE-2022-20966: Cisco Identity Services Engine tcpdump Stored Cross-Site Scripting Vulnerability
  Flaws were identified in the tcpdump feature.
  CVSS Base Score: 5.4
- CVE-2022-20967: Cisco Identity Services Engine External RADIUS Server Feature Stored Cross-Site Scripting Vulnerability
  Flaws were identified in the External RADIUS Server feature.
  CVSS Base Score: 4.8
Note: These vulnerabilities can be exploited only by valid and authorized users of the Cisco ISE system. As a best practice, customers can restrict console access and admin web access. Organizations should verify that the hosts running the service are not unintentionally exposed to the Internet; if they are, access should be restricted as described above and password policies should be strengthened. To configure the access restrictions, from the Cisco ISE interface, choose Administration > System > Admin Access > Settings > Access > IP Access. In addition, Cisco plans to release free software updates that address the vulnerabilities.