An identity-based network access control (NAC) and policy enforcement system, Cisco ISE allows administrators to control endpoint access and manage network devices.
A total of four vulnerabilities have been identified by a researcher in ISE, the exploitation of all requiring an attacker to be a valid and authorized user of the ISE system.
The most severe of these vulnerabilities is CVE-2022-20964, a command injection bug in ISE’s web-based management interface tcpdump feature. The high-severity bug exists because user input is not properly validated.