PT-2021-5118 · Cisco · Cisco Identity Services Engine
Alexander Polce Leary · Published 2021-10-06 · Updated 2023-06-26 · CVE-2021-1594
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco Identity Services Engine (affected versions not specified)
Description
The issue is related to insufficient input validation for specific API endpoints in the REST API of Cisco Identity Services Engine. This could allow a remote attacker to perform a command injection attack and elevate privileges to root. An attacker in a man-in-the-middle position could exploit this by intercepting and modifying specific internode communications from one ISE persona to another. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this, the attacker would need to decrypt HTTPS traffic between two ISE personas located on separate nodes.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Command Injection
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Cisco Identity Services Engine