Cisco ISE Unauthenticated Remote Code Execution Vulnerability

CRITICAL (10.0) No Patch (172 days)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available

EPSS Score: 0.13% chance of exploitation (percentile: 33%)

🔍 Detection Tools: None available in major open-source tools

⚔️ Exploit Availability: GitHub PoC

How we test →

What is it?

The Cisco Identity Services Engine (ISE) is a network access control and identity management system used by large enterprises. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root, potentially leading to unauthorized access to sensitive data and systems.

Am I affected?

You're affected if you use A vulnerability. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Cisco Systems / Identity Services Engine

How to fix

Upgrade to Release 3.3 Patch 7 or Release 3.4 Patch 2 from the Cisco website: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/ISE-Software-Releases.html
If immediate upgrade isn't possible, restrict network access to your ISE instance (firewall it from the public internet) and audit admin account activity for suspicious access patterns.

References

Vendor Advisory