Advisory ID: CVE-2024-20338
Severity: Critical (CVSS 7.2)
Affected Product: Cisco Identity Services Engine (ISE)
Access Vector: Remote, Unauthenticated
Summary:
Cisco has disclosed a critical vulnerability (CVE-2024-20338) in its Identity Services Engine (ISE) that allows unauthenticated remote attackers to execute arbitrary system commands on the underlying operating system with root-level privileges.
What’s at Risk:
An attacker exploiting this flaw could:
- Gain unauthorized root access
- Execute commands on the ISE appliance
- Compromise authentication and authorization workflows
- Pivot to other systems and exfiltrate sensitive credentials or policy configurations
The vulnerability stems from improper input validation in the web-based management interface of Cisco ISE. An attacker could exploit it by sending specially crafted HTTP requests to an affected system.
Affected Versions:
This vulnerability affects Cisco ISE software releases prior to the following fixed versions:
- 3.1: Fixed in 3.1.0.518
- 3.2: Fixed in 3.2.1.120
ISE version 3.3 and later are not vulnerable.
Recommended Actions:
Organizations using Cisco ISE should take the following immediate actions:
- Patch Immediately:
- Upgrade to a fixed software release:
- ISE 3.1: Upgrade to 3.1.0.518 or later
- ISE 3.2: Upgrade to 3.2.1.120 or later
- Upgrade to a fixed software release:
- Restrict Access:
- Limit external access to the ISE management interface via access control lists or network segmentation.
- Monitor for Exploitation Attempts:
- Check logs for suspicious HTTP requests or unauthorized command executions.
- Segment Critical Systems:
- Ensure ISE instances are isolated from publicly accessible systems.
No Workaround Available:
At this time, no workarounds exist. Cisco strongly recommends upgrading to a fixed release.
Final Note:
Cisco ISE is a cornerstone of identity-based access control. A compromise of this system could grant attackers widespread network access. Treat this advisory as critical and patch immediately.
Sources and Additional Reading:
- The Cybersecurity Hub: WARNING
Cisco Maximum-Severity Vulnerability Impacting Identity Services Engine (ISE) - CISCO: Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
Secure your business with CyberHoot Today!!!
The post Advisory: Cisco ISE Vulnerability Alert appeared first on CyberHoot.
