Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Cisco confirmed active exploitation of critical vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The vulnerabilities allow unauthenticated remote attackers to execute arbitrary code or upload files with root privileges. Cisco urges immediate software upgrades to mitigate the risk.