| Summary | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. |
|---|---|
| Publication Date | Aug. 22, 2024, 5:15 a.m. |
| Registration Date | Aug. 26, 2024, 4:57 p.m. |
| Last Update | Aug. 22, 2024, 9:48 p.m. |
| Title | シスコシステムズの Cisco Identity Services Engine (ISE) におけるクロスサイトリクエストフォージェリの脆弱性 |
|---|---|
| Summary | シスコシステムズの Cisco Identity Services Engine (ISE) には、クロスサイトリクエストフォージェリの脆弱性が存在します。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Aug. 21, 2024, midnight |
| Registration Date | April 1, 2025, 10:36 a.m. |
| Last Update | April 1, 2025, 10:36 a.m. |
| シスコシステムズ |
| Cisco Identity Services Engine (ISE) 2.7.0 以上 3.1 未満 |
| Cisco Identity Services Engine (ISE) 3.1.0 |
| Cisco Identity Services Engine (ISE) 3.2.0 |
| Cisco Identity Services Engine (ISE) 3.3.0 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2025年04月01日] 掲載 |
April 1, 2025, 10:36 a.m. |