
Cisco Patches ISE Security Vulnerability After Exploit Release

  • Jan 8

Key Findings:


  • Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).

  • The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.

  • The vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC.

  • An attacker could exploit the vulnerability by uploading a malicious file to the application.

  • Successful exploitation could allow the attacker to read arbitrary files from the underlying operating system, which should be off-limits even to administrators.

  • The flaw was reported by Bobby Gould of Trend Micro Zero Day Initiative.
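The findings above attribute the file read to improper parsing of XML in an uploaded file, a pattern that matches XML external entity (XXE) processing. As an added example that is not Cisco's code, and assuming a hypothetical <license> upload format, the following Python check refuses any uploaded XML that declares a DOCTYPE, an entity or an external reference before the document is parsed, using only the standard library's expat parser.

```python
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Uploaded document declares a DTD, an entity or an external reference."""


def check_xml_upload(data: bytes, expected_root: str) -> str:
    """Parse `data` with all DTD and entity processing refused; return the root tag."""
    names: list[str] = []
    parser = expat.ParserCreate()
    # Never fetch an external DTD subset, even when the document points at one.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE not allowed (root {name!r}, system id {sysid!r})")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXMLError(f"entity declaration not allowed: {name!r}")

    def reject_external_ref(context, base, sysid, pubid):
        raise UnsafeXMLError(f"external entity reference not allowed: {sysid!r}")

    # Each handler raises, which aborts the parse before any entity is expanded.
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external_ref
    parser.StartElementHandler = lambda name, _attrs: names.append(name)
    parser.Parse(data, True)  # raises expat.ExpatError on malformed XML
    if not names or names[0] != expected_root:
        raise UnsafeXMLError(f"unexpected root element {names[:1]!r}")
    return names[0]


def classify_upload(data: bytes, expected_root: str = "license") -> tuple[bool, str]:
    """Return (accepted, reason) so the upload handler can log every rejection."""
    try:
        return True, f"accepted <{check_xml_upload(data, expected_root)}>"
    except UnsafeXMLError as exc:
        return False, f"rejected: {exc}"
    except expat.ExpatError as exc:
        return False, f"malformed XML: {exc}"


# Constructed samples for the hypothetical <license> format; not real Cisco files.
BENIGN = b'<?xml version="1.0"?><license><customer>example</customer></license>'
INLINE_ENTITY = (b'<!DOCTYPE license [<!ENTITY f SYSTEM "file:///path/on/appliance">]>'
                 b'<license>&f;</license>')
EXTERNAL_DTD = b'<!DOCTYPE license SYSTEM "http://dtd.example/license.dtd"><license/>'
```

Logging the `reason` string for every rejected upload gives a simple detection signal: a DOCTYPE in a format that never legitimately carries one is worth an alert.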


Background


Cisco Identity Services Engine (ISE) is a security product that provides visibility into who and what is connected to the network, as well as policy control and enforcement. ISE-PIC is a passive identity collector that can be used in conjunction with ISE to provide additional identity information.


The vulnerability in the licensing feature of ISE and ISE-PIC could allow an attacker with valid administrative credentials to access sensitive information that should be inaccessible even to administrators. The concern is that an account already trusted to administer the application can step past it into files on the underlying operating system, a boundary the product is meant to enforce, which could lead to data breaches and other security incidents.


Affected Releases


The vulnerability affects the following releases of Cisco ISE and ISE-PIC; each entry lists the affected release and its first fixed release:


  • Cisco ISE or ISE-PIC Release earlier than 3.2 - Users should migrate to a fixed release.

  • Cisco ISE or ISE-PIC Release 3.2 - first fixed in 3.2 Patch 8

  • Cisco ISE or ISE-PIC Release 3.3 - first fixed in 3.3 Patch 8

  • Cisco ISE or ISE-PIC Release 3.4 - first fixed in 3.4 Patch 4

  • Cisco ISE or ISE-PIC Release 3.5 - Not vulnerable


Mitigations and Workarounds


Cisco has not provided any workarounds to address the vulnerability. Users are advised to update to the fixed releases as soon as possible to mitigate the risk.


Threat Landscape


Cisco PSIRT confirms that public proof-of-concept (PoC) exploit code is available for the vulnerability, but they are not aware of any malicious exploitation in the wild. However, the availability of a PoC exploit increases the risk of the vulnerability being exploited by threat actors.


Given the sensitive nature of the information that could be accessed through this vulnerability, it is crucial that Cisco customers prioritize the implementation of the patches to protect their networks and sensitive data.


Sources


  • https://thehackernews.com/2026/01/cisco-patches-ise-security.html

  • https://securityaffairs.com/186682/security/public-poc-prompts-cisco-patch-for-ise-ise-pic-vulnerability.html

  • https://unsafe.sh/go-386506.html

© 2025 by Explain IT Again. Powered and secured by Wix
