Warning: CVE-2024-20469 in Cisco ISE with PoC Code Puts Networks at Risk
A vulnerability, tracked as CVE-2024-20469, has been discovered in Cisco Identity Services Engine (ISE). With a CVSS score of 6.0, this vulnerability allows authenticated, local attackers to elevate privileges to root on the underlying operating system.
The vulnerability, affecting Cisco ISE versions 3.2 and 3.3, stems from insufficient validation of user-supplied input within specific CLI commands. This flaw could be exploited by an attacker with valid Administrator privileges to perform command injection attacks. Once exploited, the attacker could gain root-level access, compromising the system’s security architecture.
To leverage this vulnerability, the attacker must already possess local access and valid Administrator credentials for the affected ISE instance. The attack involves submitting a carefully crafted command through the CLI, bypassing the existing input validation mechanisms, which allows unauthorized access to the operating system. This elevated access could provide the attacker with the ability to execute commands with root privileges, potentially leading to full system compromise.
While there are no reports of this vulnerability being exploited in the wild, the existence of proof-of-concept (PoC) exploit code is alarming. The Cisco Product Security Incident Response Team (PSIRT) has issued warnings regarding the availability of PoC code, urging organizations to act swiftly.
The CVE-2024-20469 vulnerability impacts all configurations of Cisco ISE running versions 3.2 and 3.3. Cisco has released the following patches to address the issue:
- Cisco ISE Release 3.2P7 (available September 2024)
- Cisco ISE Release 3.3P4 (available October 2024)
These patches are designed to fully resolve the vulnerability by strengthening the input validation processes in the affected CLI commands.
Cisco has confirmed that there are no available workarounds for this vulnerability. Organizations running affected versions of Cisco ISE must rely on the official patches to mitigate the risk.
