Cross-Site Scripting Vulnerability in Cisco Identity Services Engine
CVE-2016-9214

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Identity Services Engine (ise)
Vendor
CVE Published:
14 December 2016

Summary

Cisco Identity Services Engine (ISE) has a vulnerability that may permit an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack on users of its web interface. This could lead to unauthorized actions performed by the user who interacts with the compromised interface, resulting in potential data exposure or system manipulation. The vulnerability is especially concerning for organizations using the affected versions, as it allows for exploitation without user authentication.

Affected Version(s)

Cisco Identity Services Engine (ISE) Cisco Identity Services Engine (ISE)

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94807
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037417
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.