Loading HuntDB...

GHSA-mm26-f3wc-3rh4

GitHub Security Advisory

⚠ Unreviewed HIGH Has CVE

Advisory Details

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user.

Related CVEs

Key Information

GHSA ID
GHSA-mm26-f3wc-3rh4
Published
November 4, 2022 7:01 PM
Last Modified
November 8, 2022 7:00 PM
CVSS Score
7.5 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.