CNNVD-202601-2593 Information
CNNVD ID
CNNVD-202601-2593
Related CVE
- CNNVD Published: 2026-01-15
Description (Chinese)
Cisco Identity Services Engine(Cisco ISE)和Cisco ISE Passive Identity Connector都是美国思科(Cisco)公司的产品。Cisco Identity Services Engine是一款环境感知平台(ISE身份服务引擎)。该平台通过收集网络、用户和设备中的实时信息,制定并实施相应策略来监管网络。Cisco ISE Passive Identity Connector是一个身份服务引擎被动身份连接器。 Cisco Identity Services Engine和Cisco ISE Passive Identity Connector存在安全漏洞,该漏洞源于基于Web的管理界面输入验证不足,可能导致经过身份验证的远程攻击者进行跨站脚本攻击。
Description (English)
Cisco Industries Engineering and Cisco ISE Passive Identity Contractor are all Cisco products. Cisco Identity Services Engineering is an environmental awareness platform (ISE identity service engine). The platform regulates networks by collecting real-time information from networks, users and equipment and developing and implementing strategies. Cisco ISSE Passive Identity Contractor is a passive identity connector for the identity service engine. Cisco Infrastructure Services Engineering and Cisco ISE Passive Identity Contractors have a security loophole, which stems from inadequate input validation of the Web-based management interface, which could lead to a cross-site script attack by a remotely identified assailant.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
思科
Published
2026-01-15
Last Modified
2026-02-24
References
Patch
https://www.cisco.com/c/en/us/support/security/identity-services-engine/series.html
Share on: