Ethical Hacking News
Cisco Systems has released patches for its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) after public proof-of-concept (PoC) exploit code was disclosed. The vulnerability, tracked as CVE-2026-20029, is rated medium severity and affects all Cisco ISE and ISE-PIC deployments regardless of configuration.
The flaw sits in the licensing feature of Cisco ISE and ISE-PIC and stems from improper parsing of XML processed by the web-based management interface. A remote attacker who already holds valid administrative credentials can exploit it by uploading a malicious file; a successful exploit reads arbitrary files from the underlying operating system, including data that should be inaccessible even to administrators. The advisory does not name the bug class, but improper XML parsing that turns a file upload into an arbitrary file read is the classic shape of an XML External Entity (XXE) flaw. The admin-required precondition is what keeps the rating at medium, yet the boundary being crossed is the one between the ISE application and its host OS: a compromised, phished or insider admin account on a network access control system gains a file-read primitive on the appliance that the product is designed to deny even to administrators.
"This vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information," reads the advisory. "This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials."
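To make the mechanism concrete, here is an added example (not code from Cisco, the advisory or this article) in Python that reproduces the bug class the advisory describes: a hypothetical license upload parsed with external entity resolution switched on, so a crafted document pulls a file off the host into the parsed result, beside a hardened parser that leaves external entity resolution off and rejects any document carrying a DTD. The `<license>/<serial>` document shape, the `app-secrets.conf` file name and its contents are all constructed for the demo and are not Cisco's license format.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import (ContentHandler, feature_external_ges,
                             property_lexical_handler)

# Constructed stand-in for a sensitive OS file a license upload should never reach.
SECRET_CONTENT = "db-password=hunter2"


class _SerialCollector(ContentHandler):
    """Collect the text of <serial> inside a (hypothetical) <license> document."""

    def __init__(self):
        super().__init__()
        self._in_serial = False
        self._parts = []

    def startElement(self, name, attrs):
        if name == "serial":
            self._in_serial = True

    def endElement(self, name):
        if name == "serial":
            self._in_serial = False

    def characters(self, content):
        # Text expanded from an external entity arrives here exactly like literal text,
        # which is how a file read ends up inside the application's parsed data.
        if self._in_serial:
            self._parts.append(content)

    @property
    def serial(self):
        return "".join(self._parts).strip()


class _DoctypeDetector:
    """Lexical handler that records whether the document carried a DTD at all."""

    def __init__(self):
        self.saw_dtd = False

    def startDTD(self, name, public_id, system_id):
        self.saw_dtd = True

    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def build_xxe_payload(target_path):
    """Constructed malicious 'license' upload whose external entity points at target_path."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE license [<!ENTITY xxe SYSTEM "{target_path}">]>\n'
        '<license><serial>&xxe;</serial></license>'
    ).encode()


def parse_license(xml_bytes, hardened):
    """Return the serial from a license document.

    hardened=False: external general entities are resolved, the improper-parsing
    behaviour that lets an uploaded file read the filesystem.
    hardened=True: entity resolution stays off and any DTD is rejected after parsing.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, not hardened)
    collector = _SerialCollector()
    parser.setContentHandler(collector)
    detector = _DoctypeDetector()
    if hardened:
        parser.setProperty(property_lexical_handler, detector)
    parser.parse(io.BytesIO(xml_bytes))
    if detector.saw_dtd:
        raise ValueError("license upload rejected: DTD/entity declarations are not allowed")
    return collector.serial


def run_demo():
    """Create the stand-in secret file, then feed the payload to both parser configurations."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "app-secrets.conf")
        with open(secret_path, "w", encoding="ascii") as fh:
            fh.write(SECRET_CONTENT)
        payload = build_xxe_payload(secret_path)
        leaked = parse_license(payload, hardened=False)      # file contents come back as the serial
        try:
            parse_license(payload, hardened=True)
            rejected = None
        except ValueError as exc:
            rejected = str(exc)
    benign = parse_license(b"<license><serial>LIC-0001</serial></license>", hardened=True)
    return {"leaked": leaked, "rejected": rejected, "benign": benign}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The unsafe parser has to enable `feature_external_ges` explicitly because Python's `xml.sax` stopped resolving external general entities by default in 3.7.1; before that, this payload worked against the default parser. The same mistake in other stacks is usually a parser option rather than a bug in application code, for example libxml2's NOENT/DTDLOAD flags or a Java `DocumentBuilderFactory` that does not set `disallow-doctype-decl`, which is why the hardened path both disables resolution and refuses the DTD outright instead of trusting one setting.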
The flaw was reported by Bobby Gould of Trend Micro's Zero Day Initiative and confirmed by Cisco's Product Security Incident Response Team (PSIRT). Cisco PSIRT states that proof-of-concept exploit code is publicly available for the vulnerability but that it is not aware of any malicious exploitation so far.
To mitigate this vulnerability, users are advised to migrate to a fixed release or apply the relevant patch. The advisory's fixed-release table, as far as it survives in this page:
* Cisco ISE or ISE-PIC release earlier than 3.2: no patch; migrate to a fixed release.
* Release 3.2: first fixed release is 3.2 Patch 8.
* Releases 3.3 and later: the remaining rows are garbled in the extracted text ("3.33.4 Patch 43."), so confirm the first fixed patch for these trains against the Cisco advisory before relying on them.
Organizations running Cisco ISE or ISE-PIC should apply the patch as soon as possible. Because exploitation requires valid administrative credentials, it is also worth reviewing who holds ISE admin access and looking for unexpected license-file uploads by administrative accounts in the meantime.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-ISE-and-ISE-PIC-Vulnerability-A-Public-PoC-Exploit-Disclosed-ehn.shtml
Published: Thu Jan 8 10:02:31 2026 by llama3.2 3B Q4_K_M