The flaw is a command injection vulnerability in the command‑line interface of Cisco Identity Services Engine (ISE) and the ISE Passive Identity Connector. It is based on CWE‑116, indicating insufficient input validation that allows crafted user data to be executed by the underlying operating system. When successfully exploited, the attacker’s privileges are raised to system root, granting full control of the host and the potential to move laterally across the network. Based on the description, it is inferred that the attack vector requires an authenticated, local administrator with CLI access. The advisory does not provide a direct exploitation pathway but indicates that the flaw can be triggered by supplying malicious input to a specific command.

Cisco Identity Services Engine Software and the Cisco ISE Passive Identity Connector. No specific version ranges are listed in the advisory, so any installation that includes the vulnerable CLI command is potentially affected. The issue applies to systems where local CLI access is granted to administrative accounts.

The moderate CVSS score (6) combined with the absence of an EPSS value or KEV listing suggests the likelihood of active exploitation is uncertain. However, the vulnerability can be leveraged by anyone with authenticated local admin rights to inject shell commands that execute with root privilege, leading to a full system compromise. The exploitation vector is inferred from the description to be remote from the perspective of local access, but requires privileged user interaction.