Cisco Identity Services Engine
cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*
- < 3.1
- < 3.2
- < 3.3
- < 3.4
- < 3.5
- 3.1
- 3.2
- 3.3
- 3.4
- 3.5
A remote code execution vulnerability has been identified in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). This vulnerability allows an authenticated attacker with administrative credentials to execute arbitrary commands on the underlying operating system of the affected device. The issue arises from insufficient validation of user-supplied input, enabling exploitation through crafted HTTP requests. In single-node ISE deployments, successful exploitation could lead to a denial-of-service condition, causing the ISE node to become unavailable and disrupting network access for unauthenticated endpoints.
Exploitation of this vulnerability could result in unauthorized remote code execution on the affected device, with potential escalation of privileges to root. In single-node ISE deployments, this exploitation could cause the ISE node to become unavailable, creating a denial-of-service condition that prevents unauthenticated endpoints from accessing the network until the node is restored.
Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found on the Cisco Identity Services Engine support page. For versions earlier than 3.1, users are advised to migrate to a fixed release.