Lucene search

CiscoCISCO-SA-ISE-INJECTION-QEXEGRCW

HistoryNov 01, 2023 - 4:00 p.m.

Cisco Identity Services Engine Command Injection Vulnerabilities

2023-11-0116:00:00

tools.cisco.com

cisco

identity services engine

command injection

privilege escalation

vulnerabilities

authentication

software update

local attacker

operating system

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.2%

JSON

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device.

For more information about these vulnerabilities, see the Details [“#details”] section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw”]

Affected configurations

Vulners

Node

ciscoidentity_services_engine_softwareMatchany

CPENameOperatorVersion
cisco identity services engine softwareeqany
cisco identity services engine softwareeqany

CPE	Name	Operator	Version
	cisco identity services engine software	eq	any
	cisco identity services engine software	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw