Cisco disclosed three vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector that can be chained from unauthenticated credential hash exposure through arbitrary file read to root-level remote code execution. Proof-of-concept code is publicly available for the file read flaw, no workarounds exist for any of the three, and patching is the only remediation path. Because ISE sits directly in the network access control and authentication enforcement path, its compromise can propagate policy violations across all ISE-integrated network segments.