This vulnerability in Cisco ISE software involves improper limitation of a pathname to a restricted directory, commonly known as a path traversal issue. An attacker with Read Only Admin credentials can send a specially crafted HTTP request to the affected device, bypassing input validation controls. Successful exploitation grants user-level access to the OS and allows privilege escalation to root. Additionally, in single-node ISE deployments, exploitation can cause a denial of service by rendering the node unavailable, impacting network authentication services. The vulnerability affects multiple versions of Cisco ISE from 3.1.0 through 3.5.0 and various patches. The CVSS v3.1 base score is 9.9, indicating critical severity with network attack vector, low attack complexity, required privileges, no user interaction, and complete confidentiality, integrity, and availability impact.

An attacker with Read Only Admin credentials can execute arbitrary OS commands and escalate privileges to root on affected Cisco ISE devices. This compromises confidentiality, integrity, and availability of the system. In single-node deployments, exploitation can cause denial of service, preventing new endpoints from authenticating to the network until the node is restored. This can disrupt network access and security policy enforcement.

Patch status is not yet confirmed — check the Cisco vendor advisory for current remediation guidance. No official fix or temporary workaround is indicated in the provided data. Until a patch is available, restrict Read Only Admin credentials to trusted personnel only and monitor for suspicious HTTP requests targeting the ISE device. Avoid single-node deployments where possible to reduce impact of potential denial of service.