DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-20147: Authenticated Remote Code Execution in Cisco Identity Services Engine (ISE)

Vulnerability ID: CVE-2026-20147
CVSS Score: 9.9
Published: 2026-04-15

CVE-2026-20147 is a critical remote code execution vulnerability (CVSS 9.9) affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The flaw is improper neutralization of user-supplied input (CWE-77, command injection) in the web-based management interface. An attacker holding valid administrative credentials can send crafted HTTP requests that execute arbitrary commands on the underlying operating system and escalate to root; on a single-node deployment this can also amount to a complete denial of service.

TL;DR

An attacker with administrative credentials can execute arbitrary OS commands and escalate to root on Cisco ISE via crafted HTTP requests to the management interface, because the interface does not adequately validate or neutralize the input. Single-node deployments additionally risk a complete denial of service.


Technical Details

  • CWE ID: CWE-77
  • Attack Vector: Network
  • Authentication Required: Yes (Administrative credentials)
  • CVSS v3.1 Score: 9.9 (Critical)
  • Exploit Status: No known exploitation in the wild and no public PoC at time of writing
  • CISA KEV: Not listed at time of writing
  • Impact: Remote Code Execution (Root) / DoS
  • Vendor Bug ID: CSCws52738
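The weakness class named above (CWE-77) is easiest to see side by side. The following is an added illustration, not code from Cisco ISE or from the advisory: the advisory only states that the management interface fails to neutralize user-supplied input before it reaches a command. A hypothetical diagnostic-style handler stands in for that pattern, using `echo` instead of a real network tool so it runs anywhere with a POSIX shell; the host payload is constructed for the demonstration.

```python
"""CWE-77 illustration: interpolating user input into a shell command versus
validating it and passing argv as a list. Hypothetical handler, not ISE code."""
import re
import subprocess

# Allow-list for a hostname or IPv4 literal: letters, digits, dots and hyphens only.
# Every shell metacharacter (';', '|', '&', '$', '`', quotes, whitespace) is excluded.
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Constructed payload: a second command smuggled in after a ';' separator.
PAYLOAD = "127.0.0.1; echo INJECTED"


def run_diag_vulnerable(host):
    """Flawed shape: the caller's input becomes part of a string that /bin/sh parses.

    Anything the shell treats as syntax (';', '&&', '$(...)') is honoured, so a
    crafted 'host' runs extra commands with the privileges of this process.
    """
    cmd = f"echo probing {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_diag_hardened(host):
    """Neutralized shape: reject input outside the allow-list, then hand the
    program its arguments as a list so no shell ever parses them.

    The list form alone already stops the ';' trick (the whole payload would be
    echoed as one literal argument); the allow-list additionally refuses input
    that is not a plausible host at all, which is what a diagnostic API should do.
    """
    if not HOST_RE.match(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return subprocess.run(["echo", "probing", host], capture_output=True, text=True).stdout


def injected(output):
    """True when the marker that only a second command would print appears
    as a line of its own, i.e. the shell executed more than the intended echo."""
    return "INJECTED" in output.splitlines()


def hardened_rejects(host):
    """Return True if the hardened handler refuses the input before running anything."""
    try:
        run_diag_hardened(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable output:", repr(run_diag_vulnerable(PAYLOAD)))
    print("injected:", injected(run_diag_vulnerable(PAYLOAD)))
    print("hardened rejects payload:", hardened_rejects(PAYLOAD))
    print("hardened output:", repr(run_diag_hardened("ise-pan-01.example.net")))
```

The takeaway for this advisory's mitigation list is that input validation at the web layer is a defence-in-depth control; the fix that actually closes a CWE-77 bug is to stop handing attacker-influenced strings to a shell parser at all.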

Affected Systems

  • Cisco Identity Services Engine (ISE)
  • Cisco ISE Passive Identity Connector (ISE-PIC)
  • Cisco ISE 3.1: 3.1.0 through 3.1.0 Patch 10 (fixed in 3.1.0 Patch 11)
  • Cisco ISE 3.2: 3.2.0 through 3.2.0 Patch 9 (fixed in 3.2.0 Patch 10)
  • Cisco ISE 3.3: 3.3.0 through 3.3 Patch 9 (fixed in 3.3 Patch 10)
  • Cisco ISE 3.4: 3.4.0 through 3.4 Patch 5 (fixed in 3.4 Patch 6)
  • Cisco ISE 3.5: 3.5.0 through 3.5 Patch 2 (fixed in 3.5 Patch 3)
  • Cisco ISE-PIC 3.1.0, 3.2.0, 3.3.0 and 3.4.0 (fixed patch level not stated here; confirm against the Cisco advisory)

Mitigation Strategies

  • Upgrade Cisco ISE to the fixed patch for its release train listed under Affected Systems (or later), and ISE-PIC to the patch level the Cisco advisory names.
  • Restrict network access to the ISE web-based management interface to trusted administrative subnets; the flaw is reachable only by clients that can reach that interface and authenticate to it.
  • Audit ISE administrative accounts and enforce least privilege: the vulnerability requires administrative credentials, so fewer and better-protected admin accounts directly shrink the attacker's entry points.
  • Monitor administrative audit logs for anomalous configuration changes or unexpected system diagnostic executions, which is where command execution through the management interface would surface.

Remediation Steps:

  1. Identify the release train and installed patch level of every Cisco ISE or ISE-PIC node in the deployment and compare it against the Affected Systems list.
  2. Download the appropriate cumulative patch file from the official Cisco Software Central portal.
  3. Back up the current ISE configuration and system state.
  4. Apply the patch during a scheduled maintenance window.
  5. Verify that the installed patch level now matches or exceeds the fixed level, and test authentication flows to confirm stability.
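Steps 1 and 5 come down to comparing a node's release train and cumulative patch level against the fix table above. The following is an added triage helper, not a tool from Cisco or from cvereports.com. The fix table is copied from the Affected Systems list; the `show version` text is a constructed sample in the general shape of ISE CLI output, and that layout is an assumption rather than output captured from a real node.

```python
"""Triage helper for CVE-2026-20147: is this ISE / ISE-PIC node in the affected
range, and which cumulative patch closes it? Added example, not vendor tooling."""
import re

# First fixed cumulative patch per ISE train, from the Affected Systems list:
# every build of that train at or below (fixed - 1) is affected.
FIXED_PATCH = {"3.1": 11, "3.2": 10, "3.3": 10, "3.4": 6, "3.5": 3}

# ISE-PIC trains the page lists as affected; it gives no fixed patch level for them.
AFFECTED_PIC_TRAINS = {"3.1", "3.2", "3.3", "3.4"}

# Constructed sample resembling `show version` on the ISE CLI (layout is an assumption).
SAMPLE_SHOW_VERSION = """\
Cisco Application Deployment Engine OS Release: 3.3
ADE-OS Build Version: 3.3.0.430

Version information of installed applications
---------------------------------------------
Cisco Identity Services Engine
---------------------------------------------
Version      : 3.3.0.430
Build Date   : Wed Jun 14 2023
Install Date : Tue Oct 01 2024

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : 9
Install Date : Mon Jan 06 2025
"""

# Application block: header line, dashed rule, then "Version : X.Y.rest"; keep "X.Y".
APP_RE = re.compile(r"^Cisco Identity Services Engine\n-+\nVersion\s*:\s*(\d+\.\d+)\.", re.M)
# Patch block: same shape, but the version is the cumulative patch number.
PATCH_RE = re.compile(r"^Cisco Identity Services Engine Patch\n-+\nVersion\s*:\s*(\d+)", re.M)


def parse_show_version(text):
    """Return (train, patch) such as ("3.3", 9). Patch is 0 when no patch block is present."""
    app = APP_RE.search(text)
    if not app:
        raise ValueError("no ISE application version block found")
    patch = PATCH_RE.search(text)
    return app.group(1), (int(patch.group(1)) if patch else 0)


def assess(product, train, patch):
    """Classify one node against the page's table.

    product: "ISE" or "ISE-PIC"; train: e.g. "3.3"; patch: installed cumulative patch.
    A train absent from the table is reported as not listed, not as safe.
    """
    if product == "ISE-PIC":
        if train in AFFECTED_PIC_TRAINS:
            return {"status": "affected_no_fix_listed",
                    "action": f"ISE-PIC {train} is listed as affected; confirm the fixed "
                              "patch level in the Cisco advisory before declaring it patched"}
        return {"status": "not_listed",
                "action": f"ISE-PIC {train} is not in the page's table; confirm with the vendor"}
    fixed = FIXED_PATCH.get(train)
    if fixed is None:
        return {"status": "not_listed",
                "action": f"ISE {train} is not in the page's table; confirm with the vendor"}
    if patch < fixed:
        return {"status": "vulnerable", "fixed_patch": fixed,
                "action": f"install ISE {train} Patch {fixed} or later (currently Patch {patch})"}
    return {"status": "fixed", "fixed_patch": fixed,
            "action": f"Patch {patch} is at or above Patch {fixed}; no action for this CVE"}


def triage(show_version_text, product="ISE"):
    """Parse CLI output and return the assessment together with what was parsed."""
    train, patch = parse_show_version(show_version_text)
    result = assess(product, train, patch)
    result.update(train=train, patch=patch)
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_SHOW_VERSION))
```

Run it against the real `show version` output of each node (collect it per node, since a deployment's PAN, PSNs and MnT nodes can sit at different patch levels) and re-run after step 4 to confirm the reported patch is at or above the fixed level.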

Read the full report for CVE-2026-20147 on our website for more details including interactive diagrams and full exploit analysis.
