Threat Advisory

Cisco ISE Vulnerability Exposes Unauthorized Access

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Cisco Identity Services Engine and Cisco ISE Passive Identity Connector platforms. The affected products and versions include Cisco ISE and Cisco ISE-PIC, with the most severe flaw, a Remote Code Execution bug, posing a critical risk to enterprise network authentication. This vulnerability allows an authenticated attacker to achieve remote code execution or conduct path traversal attacks on an affected device, resulting in significant business risk and impact, including potential network disruption, data breaches, and unauthorized access to sensitive information.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Cisco Identity Services Engine and Cisco ISE Passive Identity Connector platforms. The affected products and versions include Cisco ISE and Cisco ISE-PIC, with the most severe flaw, a Remote Code Execution bug, posing a critical risk to enterprise network authentication. This vulnerability allows an authenticated attacker to achieve remote code execution or conduct path traversal attacks on an affected device, resulting in significant business risk and impact, including potential network disruption, data breaches, and unauthorized access to sensitive information.[emaillocker id="1283"]

CVE-2026-20147 with a CVSS score of 9.9 – This critical RCE vulnerability stems from insufficient validation of user-supplied input, allowing an attacker to send a crafted HTTP request to an affected device and gain a foothold in the underlying operating system, with the potential to elevate privileges to root.

CVE-2026-20148 with a CVSS score of 5.5 – This medium-severity path traversal vulnerability also relies on improper validation of user input and requires administrative access, allowing an attacker to access sensitive files on the affected system.

Organizations running single-node deployments of Cisco ISE are at an increased risk due to the potential for exploitation to cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. If exploited, these vulnerabilities could have devastating consequences, including network disruption, data breaches, and unauthorized access to sensitive information.

RECOMMENDATION:

We recommend you to update Cisco ISE to version below:

  • 1 to verison 3.1 Patch 11 (Apr 2026)
  • 2 to verison 3.2 Patch 10 (Apr 2026)
  • 3 to verison 3.3 Patch 11 (Apr 2026)
  • 4 to verison 3.4 Patch 6 (Apr 2026)
  • 5 to verison 3.5 Patch 3

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/cisco-ise-critical-rce-vulnerability-cve-2026-20147-root-access/

[/emaillocker]
crossmenu