Cisco Identity Services Engine Authorization Bypass Vulnerability Allowing Information Disclosure and Configuration Changes

Vulnerability

An authorization bypass vulnerability has been identified in an API of Cisco Identity Services Engine (ISE). It allows an authenticated, remote attacker who holds valid read-only administrative credentials to access sensitive information, modify node configurations, and restart the node, which are actions normally reserved for higher-privileged administrators. The root cause is twofold: the affected API does not adequately check that the caller's role permits the requested operation, and it does not properly validate user-supplied data. Exploitation involves sending a crafted HTTP request to the affected API. In single-node deployments, a forced restart disrupts authentication of new endpoints for as long as the node is reloading, since no other node is available to service requests.
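The bug class described above, authentication without a role-level authorization check on a state-changing endpoint, as an added illustration. This is hypothetical example code, not Cisco ISE's implementation: the endpoint paths, the role names, the user store and the node state are all constructed for the example. The vulnerable handler only confirms that the caller is a valid administrator; the hardened handler also requires the full-privilege role for write operations and allow-lists the configuration keys it accepts.

```python
"""Authorization-bypass illustration: authenticated is not the same as authorized.

Hypothetical code written for this page, not Cisco ISE's API. Endpoint names,
roles, credentials and node state are constructed for the example.
"""

from dataclasses import dataclass, field

# Constructed principal store: username -> (password, role).
USERS = {
    "ro-admin": ("ro-secret", "read-only-admin"),
    "super-admin": ("super-secret", "super-admin"),
}

# Hypothetical routes; the pair (method, path) identifies an operation.
WRITE_ROUTES = {("PUT", "/api/node/config"), ("POST", "/api/node/restart")}
READ_ROUTES = {("GET", "/api/node/config")}

# Allow-listed configuration keys for the hardened handler.
ALLOWED_KEYS = {"ntp", "hostname"}


@dataclass
class Node:
    """Constructed node state shared by both handlers."""
    hostname: str = "ise-node-1"
    restarts: int = 0
    config: dict = field(default_factory=lambda: {"ntp": "10.0.0.1"})


@dataclass
class Request:
    """Minimal stand-in for an HTTP request with basic-auth credentials."""
    user: str
    password: str
    method: str
    path: str
    body: dict = field(default_factory=dict)


def authenticate(req):
    """Return the caller's role, or None if the credentials are invalid."""
    entry = USERS.get(req.user)
    if entry is None or entry[0] != req.password:
        return None
    return entry[1]


def _valid_config(body):
    """Reject unknown keys and non-string values (the input-validation half)."""
    return isinstance(body, dict) and all(
        k in ALLOWED_KEYS and isinstance(v, str) for k, v in body.items()
    )


def _dispatch(node, req):
    """Perform the operation; no access control happens here."""
    key = (req.method, req.path)
    if key == ("GET", "/api/node/config"):
        return 200, dict(node.config)
    if key == ("PUT", "/api/node/config"):
        node.config.update(req.body)
        return 200, dict(node.config)
    if key == ("POST", "/api/node/restart"):
        node.restarts += 1
        return 202, "restarting"
    return 404, "not found"


def handle_vulnerable(node, req):
    """Checks only that the caller is an authenticated administrator.

    Any admin role, including read-only, can therefore change configuration
    (with an unvalidated body) or restart the node.
    """
    if authenticate(req) is None:
        return 401, "unauthenticated"
    return _dispatch(node, req)


def handle_fixed(node, req):
    """Authenticate, then authorize per operation, then validate input."""
    role = authenticate(req)
    if role is None:
        return 401, "unauthenticated"
    key = (req.method, req.path)
    if key not in WRITE_ROUTES | READ_ROUTES:
        return 404, "not found"
    if key in WRITE_ROUTES and role != "super-admin":
        return 403, "forbidden: write operations require super-admin"
    if key == ("PUT", "/api/node/config") and not _valid_config(req.body):
        return 400, "invalid config"
    return _dispatch(node, req)


if __name__ == "__main__":
    ro = Request("ro-admin", "ro-secret", "POST", "/api/node/restart")
    print("vulnerable:", handle_vulnerable(Node(), ro))
    print("fixed:     ", handle_fixed(Node(), ro))
```

The separation matters when reviewing an API: authentication answers "who is this", while authorization must be evaluated per route against the operation's required privilege, and a write route that skips that second step is exactly what lets a read-only role reach restart and configuration handlers.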

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, unauthorized changes to node configurations, and disruption of node operations by causing a restart.

Remediation

Cisco has released software updates that address this vulnerability; there are no workarounds described for it, so upgrading is the fix. Instructions for upgrading can be found on the Cisco Identity Services Engine support page. Customers with service contracts should obtain the update through their usual channels. Those without service contracts can contact the Cisco Technical Assistance Center.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.