Security Vulnerability
Impact: Major
Strength: High
Cisco ISE Critical: Multiple CVSS 9.9 Vulnerabilities Patched
Summary
Cisco issued urgent security advisory for multiple critical vulnerabilities in ISE and ISE-PIC. CVE-2026-20147 (CVSS 9.9) allows authenticated remote attackers to execute arbitrary commands and escalate to root. CVE-2026-20148 (CVSS 4.9) is a path traversal vulnerability. CVE-2026-20180/20186 also CVSS 9.9 RCE requiring only read-only admin credentials. No workarounds available - immediate patching required.
Key Takeaways
Patch versions: ISE 3.1 Patch 11 / 3.2 Patch 10 / 3.3 Patch 11 / 3.4 Patch 6 / 3.5 Patch 3. Discovered by Jonathan Lein of TrendAI Research. Cisco PSIRT confirms no public disclosure or active exploitation. Key point: Valid admin credentials required, but read-only admin sufficient for CVE-2026-20180/20186 - credential leak amplifies impact.
Why It Matters
Largest Cisco enterprise security patch in recent months, covering core identity management product line. CVSS 9.9 RCE means attackers with admin credentials can fully compromise ISE nodes, potentially paralyzing entire network access. Single-node exploitation triggers DoS, blocking unauthenticated endpoints. Webex SSO flaw (CVE-2026-20184, CVSS 9.8) allows unauthenticated impersonation of any user.
PRO Decision
ISE users must patch within 72 hours. Priority: 1) Check ISE version immediately; 2) Upgrade to corresponding patch version; 3) Audit admin accounts and permissions; 4) Monitor abnormal HTTP request logs. Single-node deployments require urgent attention. Also check Webex SSO configuration for CVE-2026-20184 exposure.
💬 Comments (0)