PT-2025-26853 · Cisco · Cisco ISE-PIC +1
Kentaro Kawane · Published 2025-06-25 · Updated 2025-07-24 · CVE-2025-20282
Base score: 10 · Critical
Base vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:**
Cisco ISE and Cisco ISE-PIC version 3.4
**Description:**
A vulnerability exists in an internal API of Cisco ISE and Cisco ISE-PIC due to missing file validation checks. It allows an unauthenticated, remote attacker to upload arbitrary files to an affected device and execute them on the underlying operating system as root. An attacker could exploit the issue by uploading a crafted file; a successful exploit could let the attacker store malicious files on the affected system and then execute arbitrary code or gain root privileges. This issue is actively exploited in real-world attacks.
**Recommendations:**
Update Cisco ISE and Cisco ISE-PIC version 3.4 to a fixed version.
Fix · RCE · Special Elements Injection · Improper Privilege Management