A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.
2024-04-03T17:15:50.107
2025-04-28T17:01:04.910
Analyzed
CVSSv3.1: 6.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | identity_services_engine | < 3.1.0 | Yes |
| Application | cisco | identity_services_engine | 3.1.0 | Yes |
| Application | cisco | identity_services_engine | 3.1.0 | Yes |
| Application | cisco | identity_services_engine | 3.1.0 | Yes |
| Application | cisco | identity_services_engine | 3.1.0 | Yes |
| Application | cisco | identity_services_engine | 3.1.0 | Yes |
| Application | cisco | identity_services_engine | 3.1.0 | Yes |
| Application | cisco | identity_services_engine | 3.1.0 | Yes |
| Application | cisco | identity_services_engine | 3.1.0 | Yes |
| Application | cisco | identity_services_engine | 3.1.0 | Yes |
| Application | cisco | identity_services_engine | 3.2.0 | Yes |
| Application | cisco | identity_services_engine | 3.2.0 | Yes |
| Application | cisco | identity_services_engine | 3.2.0 | Yes |
| Application | cisco | identity_services_engine | 3.2.0 | Yes |
| Application | cisco | identity_services_engine | 3.2.0 | Yes |
| Application | cisco | identity_services_engine | 3.3.0 | Yes |
| Application | cisco | identity_services_engine | 3.3.0 | Yes |