Cloud security daily 220714: Cisco identity service engine found an authentication bypass vulnerability and needs to be upgraded as soon as possible

Cisco Identity Services Engine（ISE） It's Cisco （Cisco） The company's identity based environment awareness platform （ISE Identity service engine ）. The platform collects data through the network 、 Real time information in users and devices , Develop and implement strategies to monitor the network .Cisco ISE Be able to gain insight into all attacks on the network , And can reduce the pressure of complex access management .

7 month 13 Japan , Cisco has released a security update , Repair the Cisco ISE Authentication bypass vulnerability found in the engine . Here are the details of the vulnerability ：

Vulnerability Details

source ：
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9

CVE-2022-20733 CVSS score : 5.3 severity : secondary

Cisco identity service engine (ISE) A vulnerability in the login page may allow unauthenticated remote attackers to log in without credentials and have unrestricted access to all roles .

This vulnerability is due to the exposure of sensitive security assertion markup language (SAML) Metadata . Attackers can use exposed SAML Metadata bypasses authentication of the user portal to exploit this vulnerability . Successful exploitation allows attackers to access all roles without any restrictions .

Affected products

Cisco ISE 3.1 edition

Solution

Cisco ISE 3.1 Version update 3.1 Patch 3 Can repair

View more vulnerability information And upgrade, please visit the official website ：

https://tools.cisco.com/security/center/publicationListing.x