Cisco addressed several high-severity flaws in its products

04-Nov-22

The Identity Services Engine is affected by a cross-site request forgery weakness, identified as CVE-2022-2096, which is the most serious vulnerability fixed by the IT behemoth. A remote, unauthenticated attacker can take advantage of the flaw to command arbitrary operations on a vulnerable device.

A cross-site request forgery attack and other arbitrary operations on a vulnerable device might be carried out by a remote, unauthenticated attacker using a vulnerability in the web-based administration interface of the Cisco Identity Services Engine. reads the warning. The web-based administration interface of a vulnerable device has weak CSRF protections, which is the cause of this vulnerability. Read More…