Cisco Warns of Critical Remote Code Execution Vulnerabilities in Identity Services Engine

Cisco has released a bulletin to warn of two critical unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). These flaws allow an unauthenticated attacker to execute arbitrary code with elevated privileges on affected systems. The vulnerabilities are identified by CVE-2023-20273 and CVE-2023-20274. Affected versions include ISE 3.1 and ISE 3.2. Cisco recommends that users update their systems to the patched versions to mitigate these risks.