| Summary | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload files to a location that should be restricted. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials. |
|---|---|
| Publication Date | Nov. 7, 2024, 2:15 a.m. |
| Registration Date | Nov. 7, 2024, 5 a.m. |
| Last Update | Nov. 7, 2024, 3:17 a.m. |
| Title | シスコシステムズの Cisco Identity Services Engine (ISE) における脆弱性 |
|---|---|
| Summary | シスコシステムズの Cisco Identity Services Engine (ISE) には、不特定の脆弱性が存在します。 |
| Possible impacts | 情報を改ざんされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Nov. 6, 2024, midnight |
| Registration Date | April 8, 2025, 10:51 a.m. |
| Last Update | April 8, 2025, 10:51 a.m. |
| シスコシステムズ |
| Cisco Identity Services Engine (ISE) 3.1 未満 |
| Cisco Identity Services Engine (ISE) 3.1.0 |
| Cisco Identity Services Engine (ISE) 3.2.0 |
| Cisco Identity Services Engine (ISE) 3.3.0 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2025年04月08日] 掲載 |
April 8, 2025, 10:51 a.m. |