This week, Cisco announced the release of patches for a number of flaws spanning its entire product line, including serious errors in its identity, email, and web security products.
The most serious of these problems is CVE-2022-20961 (CVSS score of 8.8), a cross-site request forgery (CSRF) vulnerability in the Identity Services Engine (ISE) that could let an unauthenticated, remote attacker take unrestricted actions on a vulnerable device. The problem arises from insufficient CSRF protections in the web-based management interface of affected devices; it can be exploited if an attacker manages to trick a user into clicking a specially crafted link, so that the user's own authenticated browser session carries out the attacker's request.
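To make the mechanism concrete, here is an added example (not Cisco's code and not taken from the advisory) of the weak pattern the paragraph describes beside a hardened handler. It models a web management interface with plain Python dicts as requests; the hostname in `TRUSTED_ORIGINS`, the `X-CSRF-Token` header name, and the `SESSION` cookie name are assumptions chosen for the example. The weak handler trusts the session cookie alone, so a request the victim's browser is tricked into sending from another site is honoured; the hardened handler refuses state changes over GET, requires an exact-match Origin/Referer, and checks a session-bound token that a cross-site page cannot read.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical stand-in for a web management interface (constructed for this
# example, not Cisco's code). Requests are plain dicts so everything runs offline.
TRUSTED_ORIGINS = {"https://mgmt.example.internal"}   # assumed deployment hostname


@dataclass
class Session:
    """Cookie-backed login session; the CSRF token is bound to the session."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


def origin_of(url: str) -> str:
    """Reduce an Origin/Referer value to scheme://host[:port] for exact comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def handle_weak(session, request):
    """Vulnerable pattern: the session cookie is the only check, so a request the
    victim's browser is tricked into sending from another site is honoured."""
    if session is None:
        return "401 authentication required"
    return f"200 executed {request['path']} as {session.user}"


def handle_hardened(session, request):
    """Same action with CSRF defences: no state change over GET, an exact-match
    Origin/Referer check, and a session-bound token a cross-site page cannot read."""
    if session is None:
        return "401 authentication required"
    method = request["method"].upper()
    headers = request.get("headers", {})
    if method in ("GET", "HEAD"):
        # A crafted link opens with GET; management actions must never run on it.
        return "405 state-changing actions require POST"
    source = headers.get("Origin") or headers.get("Referer")
    if not source or origin_of(source) not in TRUSTED_ORIGINS:
        # Browsers attach the attacker's Origin to cross-site POSTs; exact match
        # (not a prefix test) also rejects look-alike hostnames. Missing = fail closed.
        return "403 request origin not trusted"
    token = headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return "403 csrf token missing or invalid"
    return f"200 executed {request['path']} as {session.user}"


def session_cookie(session_id: str) -> str:
    """Set-Cookie value for the login cookie; SameSite=Lax keeps it off cross-site POSTs."""
    return f"SESSION={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"


if __name__ == "__main__":
    s = Session(user="admin")
    # Constructed cross-site request: the victim is logged in, the page sending it is not ours.
    forged = {"method": "POST", "path": "/admin/users/add",
              "headers": {"Origin": "https://attacker.example"}}
    print(handle_weak(s, forged))       # honoured: this is the vulnerable behaviour
    print(handle_hardened(s, forged))   # rejected on the origin check
```

The three checks are layered on purpose: the Origin/Referer test catches the common case cheaply, the token is the authoritative control (it survives a missing Origin header and a same-site subdomain compromise), and `SameSite=Lax` on the cookie is browser-side defence in depth that the server cannot rely on alone.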
Additionally, CVE-2022-20956 (CVSS score of 7.1), an authorization bypass caused by poor access control in the web-based management interface and exploitable using specially crafted HTTP requests, affects Cisco ISE.
Read More: Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products