Cisco Confirms Active Exploits of ISE Flaws Enabling Unauthenticated Root Access
Cisco has acknowledged active exploitation of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allow unauthenticated root access.
TL;DR
Cisco has confirmed that recently disclosed security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) are being actively exploited. These flaws allow unauthenticated root access, highlighting a significant risk for organizations using these products.
Cisco Confirms Active Exploits of ISE Flaws Enabling Unauthenticated Root Access
Cisco has updated its advisory regarding a set of recently disclosed security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The company acknowledged that these flaws are being actively exploited in the wild, enabling unauthenticated root access.
Active Exploitation Confirmed
In July 2025, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of these vulnerabilities. The flaws, if exploited, could grant attackers full administrative control over affected systems without requiring any authentication. This level of access poses a severe risk to the security and integrity of networks relying on Cisco ISE for identity management and policy enforcement.
Details of the Vulnerabilities
The vulnerabilities affect multiple versions of Cisco ISE and ISE-PIC. Organizations using these products are urged to review the updated advisory and apply the necessary patches as soon as possible. The advisory includes detailed information on the affected versions, the nature of the vulnerabilities, and mitigation steps.
Mitigation Steps
To protect against these exploits, Cisco recommends the following actions:
- Apply Patches: Immediately apply the available patches provided by Cisco.
- Monitor Network Traffic: Increase monitoring for unusual network activity that may indicate an attempt to exploit these vulnerabilities.
- Review Logs: Regularly review system logs for any unauthorized access attempts or suspicious activities.
- Update Security Policies: Ensure that security policies and configurations are up-to-date and aligned with best practices.
For further details, visit the full article: Cisco Confirms Active Exploits of ISE Flaws.
Conclusion
The active exploitation of these vulnerabilities underscores the importance of prompt patch management and vigilant monitoring. Organizations must prioritize updating their Cisco ISE and ISE-PIC deployments to mitigate the risks associated with these critical flaws.