Cisco Identity Services Engine Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Cisco Identity Services Engine (ISE) versions prior to 3.2, 3.2, 3.3, and 3.4. This vulnerability allows an authenticated attacker with Read Only Admin credentials to execute arbitrary commands on the underlying operating system of the affected device. The issue arises from insufficient validation of user-supplied input, enabling exploitation through crafted HTTP requests. Successful exploitation could lead to unauthorized user-level access, with potential escalation to root privileges. In single-node ISE deployments, this vulnerability could cause the node to become unavailable, creating a denial-of-service condition that prevents unauthenticated endpoints from accessing the network until the node is restored.

Impact

Exploitation of this vulnerability could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and privilege escalation. In single-node ISE deployments, successful exploitation could cause the ISE node to become unavailable, disrupting network access for unauthenticated endpoints until the node is restored.

Remediation

Users are advised to upgrade to Cisco ISE versions 3.2 Patch 8, 3.3 Patch 8, or 3.4 Patch 4. For instructions on upgrading, see the Upgrade Guides on the Cisco Identity Service Engine support page.