Cisco Identity Services Engine Command Injection Vulnerability Allowing Privilege Escalation to Root

Vulnerability

A command injection vulnerability has been identified in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). This vulnerability allows an authenticated, local attacker with administrative privileges to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized privilege escalation to root. The issue arises from inadequate validation of user-supplied input, enabling attackers to exploit the vulnerability by crafting specific input for a CLI command.

Impact

Exploitation of this vulnerability could result in unauthorized command execution on the operating system, with privileges elevated to root.

Remediation

Cisco has released patches for this vulnerability. Affected users should upgrade to Cisco ISE or ISE-PIC version 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3. For instructions on upgrading, refer to the Cisco Identity Services Engine upgrade guides.
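
The patch levels listed above can be checked across a deployment with a short triage script. This is an added example, not Cisco's code or part of the original advisory; the inventory format, hostnames and build numbers are constructed, and it assumes that a patch number at or above the listed one on the same release includes the fix.

```python
import csv
import io

# Fixed patch levels exactly as stated in the remediation text above.
FIXED_PATCH = {"3.3": 11, "3.4": 6, "3.5": 3}

# Constructed sample inventory (hostnames and build numbers are made up).
# Assumed columns: hostname, full version string, installed patch number.
SAMPLE_INVENTORY = """\
ise-pan-01,3.3.0.430,11
ise-psn-02,3.3.0.430,7
ise-psn-03,3.4.0.608,
ise-pic-01,3.5.0.100,3
ise-lab-09,3.2.0.542,5
ise-bad-row,not-a-version,x
"""


def classify(version, patch):
    """Return (status, detail) for one node."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        return "unparsed", "version string not understood"
    train = f"{parts[0]}.{parts[1]}"
    patch = patch.strip()
    if patch and not patch.isdigit():
        return "unparsed", "patch number not understood"
    installed = int(patch) if patch else 0  # empty field = no patch installed
    if train not in FIXED_PATCH:
        # The page names no fixed patch for this release; do not guess one.
        return "unlisted", f"{train} is not named in the remediation text"
    needed = FIXED_PATCH[train]
    if installed >= needed:
        return "fixed", f"{train} Patch {installed}"
    return "upgrade", f"{train} Patch {installed} -> Patch {needed}"


def triage(inventory_text):
    """Map hostname -> (status, detail) for every non-empty row."""
    results = {}
    for row in csv.reader(io.StringIO(inventory_text)):
        if not row:
            continue
        host, version, patch = (row + ["", ""])[:3]
        results[host.strip()] = classify(version, patch)
    return results
```

Nodes reported as "unlisted" run a release the remediation text does not mention, so they need to be checked against Cisco's own advisory rather than treated as unaffected.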

Added: Apr 15, 2026, 5:52 PM
Updated: Apr 15, 2026, 5:52 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 10.0
exploitability: 3.0
remediation: 0.0
relevance: 6.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.