Cisco informed customers on Friday that at least some of its products are affected by an Apache Struts2 command execution vulnerability that has been exploited in the wild over the past days.

The flaw has been confirmed to affect the Cisco Identity Services Engine (ISE), the Prime Service Catalog Virtual Appliance, and the Unified SIP Proxy Software. The networking giant has published a list of dozens of products that are not affected, but there are still many products under investigation.