Cisco Warns Of Identity Service Engine Flaw With Exploit Code (2026)
Cisco has patched a vulnerability in its Identity Services Engine (ISE) network access control solution that can be abused by attackers with admin privileges and for which public proof-of-concept exploit code is available.
Enterprise admins use Cisco ISE to manage endpoint, user, and device access to network resources while enforcing a zero-trust architecture.
The security flaw (CVE-2026-20029) affects Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) regardless of device configuration, and remote attackers with high privileges can exploit it to access sensitive information on unpatched devices.
"This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application," Cisco said.
"A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials."
While the Cisco Product Security Incident Response Team (PSIRT) found no evidence of active exploitation, it did warn that a proof-of-concept (PoC) exploit is available online.
Cisco considers "any workarounds and mitigations (if applicable) to be temporary solutions" and said that it "strongly recommends that customers upgrade to the fixed software" to "avoid future exposure" and fully address this vulnerability.
On Wednesday, Cisco also addressed multiple IOS XE vulnerabilities that allow unauthenticated, remote attackers to restart the Snort 3 Detection Engine to trigger a denial-of-service or obtain sensitive information in the Snort data stream. However, Cisco PSIRT found no publicly available exploit code and no signs of threat actors exploiting them in the wild.
In November, Amazon's threat intelligence team warned that hackers exploited a maximum-severity Cisco ISE zero-day (CVE-2025-20337) to deploy custom malware. When it patched the flaw in July, Cisco warned that CVE-2025-20337 could be exploited to allow unauthenticated attackers to execute arbitrary code or gain root privileges on vulnerable devices.
Over the next two weeks, Cisco updated its advisory to warn that CVE-2025-20337 was under active exploitation, and researcher Bobby Gould (who reported the flaw) published proof-of-concept exploit code.
Source: BleepingComputer