Ethical Hacking News
Cisco has issued an alert regarding a critical flaw in its Identity Services Engine solution that can be exploited by attackers with admin privileges to access sensitive information on unpatched devices. The vulnerability underlines the importance of patch management and timely software updates in protecting against cyber threats.
Cisco has identified a critical vulnerability in its Identity Services Engine (ISE) network access control solution, CVE-2026-20029. The vulnerability can be exploited by attackers with admin privileges to access sensitive information on unpatched devices. The flaw is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. A proof-of-concept exploit is available online, making it easy for attackers to take advantage of this vulnerability. Cisco recommends upgrading to the fixed software release or migrating to an earlier version to avoid future exposure. The vulnerability follows previous zero-day exploits in Cisco ISE and AsyncOS solutions. Customers are advised to restrict access to vulnerable appliances until security updates are released.
Cisco has sounded the alarm on a critical vulnerability in its Identity Services Engine (ISE) network access control solution, which can be exploited by attackers with admin privileges to access sensitive information on unpatched devices. The security flaw, identified as CVE-2026-20029, affects both Cisco ISE and Cisco ISE Passive Identity Connector (ISE-PIC), regardless of device configuration.
According to a recent report from the company's Product Security Incident Response Team (PSIRT), the vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application, which would allow them to read arbitrary files from the underlying operating system, including sensitive data that should otherwise be inaccessible even to administrators.
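The advisory attributes the file read to improper parsing of uploaded XML, without saying which parser feature is involved. One defensive check that applies to that whole class of bug is to refuse any uploaded document that declares a DOCTYPE or entities before it ever reaches the application's real parser. The following is an added illustration of that pre-screen using Python's stdlib expat bindings; it is not Cisco's code, and `check_xml_upload` and the sample documents are hypothetical and constructed for the example.

```python
import xml.parsers.expat


class UnsafeXmlUpload(Exception):
    """Raised when an upload carries constructs an upload handler need not accept."""


def check_xml_upload(data: bytes) -> str:
    """Pre-screen an XML upload (hypothetical helper, not part of any product).

    Returns "ok" for a well-formed document with no DOCTYPE and no entity
    declarations, otherwise a short "rejected: ..." reason string.
    """
    parser = xml.parsers.expat.ParserCreate()

    # Any DOCTYPE is refused outright: a plain data upload has no need for one,
    # and it is the only place entity declarations can appear.
    def reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise UnsafeXmlUpload(f"DOCTYPE {doctype_name!r} declared")

    # Kept as a second line of defence in case the DOCTYPE rule is ever relaxed.
    def reject_entity(entity_name, is_parameter_entity, value, base,
                      system_id, public_id, notation_name):
        kind = "external" if system_id else "internal"
        raise UnsafeXmlUpload(f"{kind} entity {entity_name!r} declared")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    try:
        # Exceptions raised inside expat handlers propagate out of Parse().
        parser.Parse(data, True)
    except UnsafeXmlUpload as exc:
        return f"rejected: {exc}"
    except xml.parsers.expat.ExpatError as exc:
        return f"rejected: malformed XML ({exc})"
    return "ok"


# Constructed samples (not taken from the advisory): an ordinary data document,
# one carrying a DOCTYPE with an external entity, and a malformed one.
BENIGN = b'<?xml version="1.0"?><profile><name>guest</name></profile>'
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE profile [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
            b'<profile><name>&ext;</name></profile>')
MALFORMED = b'<profile><name>guest</profile>'

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("with DTD", WITH_DTD), ("malformed", MALFORMED)):
        print(f"{label:10s} -> {check_xml_upload(doc)}")
```

Rejecting at this stage means the document is never handed to a parser that might resolve entities against the local filesystem.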
Compounding the issue, a proof-of-concept (PoC) exploit is available online, making it easy for attackers who already hold high privileges to take advantage of this vulnerability. The PSIRT has warned that, while there are no signs of active exploitation at present, the availability of the PoC code highlights the potential for malicious actors to target unsuspecting organizations.
In a statement regarding the vulnerability, Cisco emphasized the importance of upgrading to the fixed software release to avoid future exposure and fully address this vulnerability. The company also recommends that customers migrate to an earlier version of the software, which is not vulnerable, until they can update to the latest patch.
This vulnerability follows a maximum-severity Cisco ISE zero-day (CVE-2025-20337) that was previously exploited by hackers to deploy custom malware. In response to that incident, Cisco updated its advisory to warn that CVE-2025-20337 was under active exploitation, and a researcher published proof-of-concept exploit code.
Furthermore, the company has also warned customers about another maximum-severity Cisco AsyncOS zero-day (CVE-2025-20393) that is still awaiting patching. In this case, UAT-9686, a Chinese threat group tracked by Amazon's threat intelligence team, is exploiting CVE-2025-20393 in attacks targeting Secure Email and Web Manager (SEWM) and Secure Email Gateway (SEG) appliances.
Until those security updates are released, Cisco advises customers to restrict access to the vulnerable appliances by limiting connections to trusted hosts, limiting internet access, and placing the appliances behind firewalls that filter traffic. This advice underscores the ongoing importance of prioritizing patch management and keeping software up to date.
The incident serves as a timely reminder of the potential risks associated with vulnerabilities in network access control solutions and highlights the need for vigilant patch management practices. As organizations navigate the increasingly complex cybersecurity threat landscape, it is crucial to stay informed about emerging vulnerabilities and take proactive steps to protect against them.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-Warns-of-Critical-Identity-Service-Engine-Flaw-with-Publicly-Available-Exploit-Code-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisco-warns-of-identity-service-engine-flaw-with-exploit-code/
https://nvd.nist.gov/vuln/detail/CVE-2026-20029
https://www.cvedetails.com/cve/CVE-2026-20029/
https://nvd.nist.gov/vuln/detail/CVE-2025-20337
https://www.cvedetails.com/cve/CVE-2025-20337/
https://nvd.nist.gov/vuln/detail/CVE-2025-20393
https://www.cvedetails.com/cve/CVE-2025-20393/
Published: Thu Jan 8 03:22:00 2026 by llama3.2 3B Q4_K_M