Cisco has issued critical security patches to address a high-severity vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The vulnerability, identified as CVE-2026-20029, has a CVSS score of 4.9 and could allow an authenticated, remote attacker with administrative privileges to access sensitive information. This flaw resides in the licensing feature and can be exploited by uploading a malicious file to the web-based management interface. The vulnerability was discovered and reported by Trend Micro's Bobby Gould, who found that it affects multiple versions of Cisco ISE and ISE-PIC. The affected release trains, and the first fixed release for each, are:
- Cisco ISE or ISE-PIC releases earlier than 3.2: upgrade to a fixed release.
- Cisco ISE or ISE-PIC Release 3.2: fixed in 3.2 Patch 8.
- Cisco ISE or ISE-PIC Release 3.3: fixed in 3.3 Patch 8.
- Cisco ISE or ISE-PIC Release 3.4: fixed in 3.4 Patch 4.
- Cisco ISE or ISE-PIC Release 3.5: not vulnerable.
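A defender checking a fleet of ISE nodes against this table needs to turn free-form version strings into something comparable, since a node on "3.3 Patch 5" is still exposed while "3.3 Patch 8" is fixed and a 3.1 node has no in-train patch at all. The script below is an added example, not Cisco's code or part of the advisory; it assumes version strings in the form "3.3 Patch 5" or "3.3P5" (the exact format your inventory tool emits may differ), and the inventory it runs over is constructed for illustration.

```python
import re
from dataclasses import dataclass

# First fixed patch level per release train, as summarized on this page
# (assumption: transcribed from the list above, not pulled from Cisco's feed).
# Trains older than 3.2 have no fixed patch and must migrate; 3.5 and later
# are not affected.
FIRST_FIXED_PATCH = {
    (3, 2): 8,
    (3, 3): 8,
    (3, 4): 4,
}
NOT_VULNERABLE_FROM = (3, 5)

# Accepts "3.3", "3.3 Patch 5", "3.3P5" and "3.4.0 Patch 4" (assumed formats).
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s*(?:patch|p)\s*(\d+))?\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class IseVersion:
    major: int
    minor: int
    patch: int  # 0 when no patch level is present


def parse_version(text: str) -> IseVersion:
    """Parse an ISE/ISE-PIC version string; raise ValueError on garbage."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    major, minor, _build, patch = m.groups()
    return IseVersion(int(major), int(minor), int(patch or 0))


def assess(version_text: str) -> str:
    """Classify a node as not_affected, fixed, vulnerable or migrate."""
    v = parse_version(version_text)
    train = (v.major, v.minor)
    if train >= NOT_VULNERABLE_FROM:
        return "not_affected"
    if train not in FIRST_FIXED_PATCH:
        # Earlier than 3.2: no patch exists for this train.
        return "migrate"
    return "fixed" if v.patch >= FIRST_FIXED_PATCH[train] else "vulnerable"


def triage(inventory):
    """Map hostname -> status for an iterable of (hostname, version) pairs."""
    return {host: assess(version) for host, version in inventory}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("ise-dc1", "3.3 Patch 5"),
    ("ise-dc2", "3.3P8"),
    ("ise-lab", "3.1 Patch 9"),
    ("ise-new", "3.5"),
    ("ise-branch", "3.4"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Treat a parse failure as a finding in its own right: a node whose version cannot be read is one whose patch state is unknown, and it should be queued for a manual check rather than silently skipped.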
Cisco emphasizes that there are no workarounds for this vulnerability and that it is aware of a publicly available proof-of-concept (PoC) exploit; it has seen no evidence of active exploitation in the wild. Additionally, Cisco has released fixes for two other medium-severity bugs in the processing of Distributed Computing Environment Remote Procedure Call (DCE/RPC) requests, which could lead to sensitive information leaks or service disruptions in the Snort 3 Detection Engine. These vulnerabilities, CVE-2026-20026 and CVE-2026-20027, have CVSS scores of 5.8 and 5.3, respectively, and affect various Cisco products, including Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS XE Software, and Cisco Meraki software, when configured with Snort 3. Given how frequently Cisco products are targeted by malicious actors, users are strongly advised to update to the latest versions.