Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability
Monitor | CVSS 6 | cisco-sa-ise-cmd-inj-5WSJcYJB | Apr 15, 2026
Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) CLI allows an authenticated local attacker with administrative privileges to perform command injection due to insufficient input validation. A successful exploit allows privilege escalation to root on the underlying operating system.
What this means
What could happen
An attacker with admin access to the ISE CLI could inject commands to gain root privileges on the underlying operating system, potentially allowing full control of the identity management system and all connected network authentication.
Who's at risk
Network administrators and security teams running Cisco Identity Services Engine for network access control and authentication should prioritize this update. This affects any organization using ISE for 802.1X authentication, guest access, or endpoint compliance checking in enterprise networks.
How it could be exploited
An attacker with administrative CLI access crafts a malicious command that exploits insufficient input validation, causing the system to execute unintended operating system commands with elevated (root) privileges. This gives the attacker complete control over the ISE appliance and potentially the network infrastructure it manages.
Prerequisites
- Local access to ISE CLI
- Valid administrative user credentials for ISE
- Knowledge of the specific vulnerable CLI command
no authentication required for CLI access if admin credentials compromised
local access required but high impact if exploited
leads to root-level system compromise
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Identity Services Engine Software | All versions | Fix available
Remediation & Mitigation
Do now
HARDENING: Restrict CLI access to Cisco ISE to trusted administrative personnel only
HARDENING: Monitor ISE admin account activity and CLI command execution for suspicious commands
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Cisco ISE Software to the latest patched version as released by Cisco
CVEs (1)