NHS Digital warns critical Cisco ISE flaws could allow remote code execution

NHS Digital has published cyber alert CC-4772 after Cisco released security advisories for critical vulnerabilities affecting its Identity Services Engine, warning that an authenticated attacker could exploit the flaws to achieve remote code execution.

The alert, published on 16 April and rated medium severity by NHS Digital, concerns Cisco Identity Services Engine, or ISE, a platform used by organisations to authenticate users and devices and to enforce network access policies. In its summary, NHS Digital said the vulnerabilities could allow a successfully authenticated attacker to run code remotely on an affected system.

That means an attacker would need valid credentials or authorised access before attempting to exploit the flaws. Even so, remote code execution vulnerabilities are typically treated as high-impact because they can allow malicious commands to be run on targeted systems and may create a route to wider compromise.

The warning is likely to be significant for organisations that rely on Cisco ISE as a central part of their identity and access control infrastructure. Because the product is used to manage who and what can connect to enterprise networks, vulnerabilities in the platform can have broader security implications if left unaddressed.

NHS Digital’s notice directs users to Cisco’s security advisories for technical information and vendor guidance. Organisations running Cisco ISE are being advised to review the relevant Cisco notices, determine whether their systems are affected and apply any recommended updates or mitigations.

The NHS Digital alert was updated on 16 April.