QID 317186

Date Published: 2022-07-13

QID 317186: Cisco Identity Services Engine (ISE) Log4j2 Vulnerability (CSCwa47133)

Cisco Identity Services Engine (ISE) is vulnerable to Log4j2 vulnerability

Affected Products
Cisco ISE following vulnerable versions:
From 2.7 Prior to 2.7P7
From 3.0 Prior to 3.0P5
From 3.1 Prior to 3.1P2
QID Detection Logic (Authenticated):
The check matches the Cisco ISE version and ise_patch retrieved via Unix Auth using "show version" command.

Successful exploit could compromise confidentiality, integrity and availability

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
  • Solution

    Customers are advised to refer to CSCwa47133 for more information.

    CVEs related to QID 317186

    Software Advisories
    Advisory ID Software Component Link
    CSCwa47133 URL Logo bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133