THREATOPS
THREAT OPSThreat News › Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

lowcisco_psirtPublished 2026-04-15

<p>A vulnerability in the&nbsp;CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to <em>root</em>.</p> <p>This vulnerability is due to insufficient validation of user supplied input.

Indicators of compromise

Original source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Authenticated%20Privilege%20Escalation%20Vulnerability%26vs_k=1