Cisco Identity Services Engine Authorization Bypass Vulnerability

Vulnerability

An authorization bypass vulnerability has been identified in the web-based management interface of Cisco Identity Services Engine (ISE). It allows an authenticated, remote attacker to bypass authorization checks for certain administrative functions. The root cause is inadequate authorization enforcement for accounts that ISE created through its SAML SSO integration with an external identity provider, so the attacker must hold valid credentials for such an SSO-provisioned account rather than for a locally defined administrator. Successful exploitation lets the attacker modify a limited range of system settings, including settings whose change triggers a system restart. In a single-node Cisco ISE deployment, endpoints that are not yet authenticated to the network cannot authenticate until the ISE node is back online.
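The following is an added illustration of the bug class this advisory describes, not Cisco's code and not the actual ISE logic: an administrative interface whose authorization decision is keyed on how an account was provisioned (local vs. SAML SSO) instead of on the role actually assigned to it. The `User` class, the `ADMIN_OPERATIONS` table, the role names and the SAML group names are all assumptions chosen for the example; the hardened variant shows the pattern a practitioner would want, where SSO-provisioned accounts receive roles only through an explicit claim-to-role mapping and every administrative action enforces the resulting role.

```python
"""Added example (hypothetical, not Cisco ISE code): authorization that is
skipped for SSO-provisioned accounts, beside a hardened version."""
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    source: str                      # "local" or "saml" (how the account was created)
    roles: set = field(default_factory=set)

# Administrative operations and the minimum role each requires (assumed names).
ADMIN_OPERATIONS = {
    "restart_node": "super-admin",
    "change_system_settings": "super-admin",
    "view_dashboard": "read-only-admin",
}

# Role hierarchy: holding a role implies the roles listed for it (assumed).
ROLE_IMPLIES = {
    "super-admin": {"super-admin", "read-only-admin"},
    "read-only-admin": {"read-only-admin"},
}

# Explicit mapping from identity-provider group claims to local roles.
# Groups not listed here confer no privilege (assumed names).
SAML_GROUP_TO_ROLE = {
    "ise-admins": "super-admin",
    "ise-helpdesk": "read-only-admin",
}

def effective_roles(user: User) -> set:
    """Expand directly assigned roles through the hierarchy."""
    expanded = set()
    for role in user.roles:
        expanded |= ROLE_IMPLIES.get(role, {role})
    return expanded

def provision_saml_user(name: str, idp_groups: list) -> User:
    """Create a local account for a SAML subject. Only allow-listed IdP
    groups map to roles; everything else yields an account with no roles."""
    roles = {SAML_GROUP_TO_ROLE[g] for g in idp_groups if g in SAML_GROUP_TO_ROLE}
    return User(name=name, source="saml", roles=roles)

def authorize_vulnerable(user: User, operation: str) -> bool:
    """Flawed check: SSO-provisioned accounts are treated as already vetted
    by the identity provider and skip the role check entirely, so any SAML
    user can reach every administrative operation."""
    required = ADMIN_OPERATIONS[operation]
    if user.source == "saml":
        return True                  # authorization bypass
    return required in effective_roles(user)

def authorize_fixed(user: User, operation: str) -> bool:
    """Hardened check: the locally assigned role is enforced for every
    account regardless of provisioning source, and unknown operations
    fail closed."""
    required = ADMIN_OPERATIONS.get(operation)
    if required is None:
        return False
    return required in effective_roles(user)

if __name__ == "__main__":
    # Constructed sample: a SAML subject whose only IdP group is unmapped.
    sso_user = provision_saml_user("alice", ["everyone"])
    print("vulnerable:", authorize_vulnerable(sso_user, "restart_node"))  # True
    print("fixed:     ", authorize_fixed(sso_user, "restart_node"))       # False
```

The point of the hardened variant is that the provisioning path never appears in the decision: roles enter only through the allow-listed claim mapping at account creation, and the operation table is consulted on every request. Auditing an SSO integration for this class of defect means checking both halves, that unmapped IdP claims produce no privilege and that no code path short-circuits the role check for externally created accounts.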

Impact

Exploitation of this vulnerability could allow an authenticated, remote attacker to bypass authorization mechanisms, potentially leading to unauthorized modification of system settings, including those that cause a system restart. In single-node deployments, this could disrupt network authentication until the system is restored.

Remediation

Cisco has released software updates to address this vulnerability. Upgrade to Cisco ISE 3.2 Patch 8 (scheduled for November 2025), 3.3 Patch 5, or 3.4 Patch 2; treat releases below these patch levels as affected. For upgrade instructions, refer to the Cisco Identity Services Engine Upgrade Guides.

Added: Jun 25, 2025, 4:35 PM
Updated: Jun 25, 2025, 4:35 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 5.6
exploitability: 4.9
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.