Cisco Working on Fix for ISE Hole

Tuesday, September 1, 2015 @ 04:09 PM gHale

Cisco found a problem in its Identity Services Engine (ISE): the administration portal doesn’t properly authorize HTML requests, which could allow an attacker to see custom pages an administrator created.

“To exploit this vulnerability, the attacker must send a crafted HTTP request to the filename of the customized page on the guest portal,” the Cisco advisory said. “The Cisco ISE guest portal is configured to use customized uploaded HTML files, making an exploit easier to accomplish. Environments that restrict access from untrusted sources could make successful exploitation more difficult.”

A system administrator’s custom pages can contain sensitive security information about the network that ISE is managing.

Cisco said it has seen exploit code for the vulnerability, but so far it is not aware of any code in the wild. However, it hasn’t yet created a patch.

Cisco advises administrators not to put sensitive information into ISE custom pages, and recommends access control lists to restrict access to custom pages to trusted machines.

Cisco released bug ID CSCuo78045 for registered users, which contains additional details and an up-to-date list of affected product versions.