Cisco Identity Services Engine (ISE) is an environment-aware platform (ISE Identity Services Engine) from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. An XML external entity injection vulnerability exists in the Cisco Identity Services Engine, which can be exploited by an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack on an affected device.