Cisco has warned customers about a security flaw in Cisco Identity Services Engine (ISE) for which exploit code is publicly available. Tracked as CVE-2024-20469, the vulnerability may allow an attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
Rafal Lykowski and Alexandre Labbé of A1 Digital International discovered the vulnerability and reported it to Cisco. In its advisory, Cisco noted that proof-of-concept exploit code is publicly available. However, Cisco has not found any evidence of malicious use of the vulnerability.
Cisco Identity Services Engine (ISE) is a network security system that helps ensure that only trusted users and devices can access resources on a network. ISE serves as a central policy engine that provides endpoint access control and network device administration.
Vulnerability Details
The vulnerability lies in specific CLI commands of Cisco ISE and is caused by insufficient validation of user-supplied input. To exploit it, the attacker must already hold valid Administrator privileges on an affected device; an authenticated, local attacker could then inject commands into the underlying operating system and elevate privileges to root.
Affected Versions
- Cisco Identity Services Engine (ISE) 3.2 and prior to 3.2P7
- Cisco Identity Services Engine (ISE) 3.3 and prior to 3.3P4
Mitigation
Cisco has addressed the vulnerability in the following releases:
- Cisco Identity Services Engine (ISE) 3.2P7 (releasing in Sep 2024)
- Cisco Identity Services Engine (ISE) 3.3P4 (releasing in Oct 2024)
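As an added inventory check (not code from the advisory, Cisco or Qualys), the following script flags ISE hosts that fall inside the affected ranges above; it assumes version strings of the form "3.2P3" or "3.3 Patch 4" and, since only the 3.2 and 3.3 trains are listed in the advisory excerpt, draws no conclusion for other trains.

```python
import re
from typing import List, Optional, Tuple

# Fixed patch level per affected train, taken from the advisory text above:
# 3.2 is fixed in 3.2 Patch 7, 3.3 is fixed in 3.3 Patch 4.
FIXED_PATCH = {(3, 2): 7, (3, 3): 4}

# Accepts "3.2", "3.2.0.542", "3.2P3", "3.3 Patch 4" (case-insensitive);
# the exact string format is an assumption, not taken from the advisory.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.\d+)*\s*(?:(?:P|Patch)\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_ise_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch); a version with no patch suffix is patch 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(text: str) -> Optional[bool]:
    """True if the host is in a listed train and below the fixed patch,
    False if at or above the fixed patch, None when the train is not listed
    (e.g. 3.1 or 3.4), so no claim is made about it here."""
    major, minor, patch = parse_ise_version(text)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return None
    return patch < fixed


def triage(inventory: List[Tuple[str, str]]) -> dict:
    """Group (hostname, version) pairs into affected / fixed / unlisted."""
    result = {"affected": [], "fixed": [], "unlisted": []}
    for host, ver in inventory:
        status = is_affected(ver)
        key = "unlisted" if status is None else ("affected" if status else "fixed")
        result[key].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("ise-01", "3.2P3"), ("ise-02", "3.3 Patch 4"),
              ("ise-03", "3.3"), ("ise-04", "3.1P9")]
    for bucket, hosts in triage(sample).items():
        print(bucket, hosts)
```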
For more information, please refer to Cisco Security Advisory (cisco-sa-ise-injection-6kn9tSxm).
Qualys Detection
Qualys customers can scan their devices with QID 317495 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.