## https://sploitus.com/exploit?id=SAINT:9DC52DFD3229D9E3C90FB22FE327E194
Added: 07/17/2025
### Background
Cisco Identity Services Engine (ISE) is a centralized user access control which provides network access policy for end users whether they connect through a wired or wireless network or by VPN.
### Problem
A vulnerability in the Cisco ISE ERS API could allow remote, unauthenticated attackers to inject arbitrary commands in a request to the `**InternalUser**` resource.
### Resolution
Apply Cisco ISE 3.3 Patch 7 or Cisco ISE 3.4 Patch 2 or higher.
### References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
### Platforms
Linux