#CISCO ISE 2.4 LICENSING SOFTWARE#

A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device.

The vulnerability is due to improper controls on certain pages in the web interface. An attacker could exploit this vulnerability by authenticating to the device with an administrator account and sending a crafted HTTP request. A successful exploit could allow the attacker to create additional Admin accounts with different user roles. An attacker could then use these accounts to perform actions within their scope. The attacker would need valid Admin credentials for the device. This vulnerability cannot be exploited to add a Super Admin account.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

This vulnerability affects Cisco Identity Services Engine (ISE). For information about which Cisco ISE releases are vulnerable, see the Fixed Software section of this advisory.

To determine which release of the software is currently running on a device, administrators may use the show version command in the device CLI or navigate to the top-right corner and click Settings (gear icon) > About Identity Service Engine in the Admin portal. The output of the command in the CLI is similar to the following example: