Solved: Re: ISE CVEs

rwehe · ‎04-10-2018

Hi ISE Experts,

I have a question about several CVEs that affect ISE and I'm wondering if you can make a comment as to what versions of ISE these will be patched in. The CVEs all show "No workarounds available" and we're hoping to get a little more concrete information about these bugs.

CVE-2018-0211
CVE-2018-0212
CVE-2018-0213
CVE-2018-0214
CVE-2018-0215
CVE-2018-0216
CVE-2018-0221

Timothy Abbott · ‎04-10-2018

Hi,

Save for a couple, a fix is pending release. Unfortunately, I don't have a time table for when the fixes will be released. Please see below:

CVE-2018-0211 (pending release)
CVE-2018-0212 (fixed in 2.2 p6)
CVE-2018-0213 (pending release)
CVE-2018-0214 (pending release)
CVE-2018-0215 (fixed in 2.3)
CVE-2018-0216 (pending release)
CVE-2018-0221 (pending release)

Regards,

-Tim

View solution in original post

Timothy Abbott · ‎04-10-2018

Hi,

Save for a couple, a fix is pending release. Unfortunately, I don't have a time table for when the fixes will be released. Please see below:

CVE-2018-0211 (pending release)
CVE-2018-0212 (fixed in 2.2 p6)
CVE-2018-0213 (pending release)
CVE-2018-0214 (pending release)
CVE-2018-0215 (fixed in 2.3)
CVE-2018-0216 (pending release)
CVE-2018-0221 (pending release)

Regards,

-Tim

hslai · ‎04-12-2018

ISE 2.4 FCS have all these addressed.

rwehe · ‎04-13-2018

Would it be possible to get these listed in the ISE 2.4 Resolved Caveats section?

hslai · ‎04-13-2018

I've forwarded your request.

Meanwhile, for those resolved in ISE 2.4 should already have the FCS build number listed under known fixed releases in Cisco Bug Search Tool.