There are no workarounds that address this vulnerability. However, administrators may disable the affected feature.
To disable ERS in Cisco ISE releases 2.0 to 2.7, do the following:
Log in to the Cisco ISE web management interface.
Choose Administration > System > Settings.
Choose ERS Settings.
Click the Disable ERS radio button.
To disable ERS in Cisco ISE Release 3.0, do the following:
Log in to the Cisco ISE web management interface.
Click the menu icon.
Choose Administration > System > Settings.
Click the Disable ERS radio button.
To disable ERS in Cisco ISE releases 3.1 and 3.2, do the following:
Log in to the Cisco ISE web management interface.
Click the menu icon.
Choose Administration > System > Settings.
Choose API Settings.
Choose the API Service Settings tab.
Click the ERS (Read/Write) toggle switch to deactivate it.
While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.