Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202604-00000018
Cisco Identity Services Engine (ISE) is an identity-based security management platform that gathers information from networks and user devices to implement policies and make regulatory decisions across network infrastructure. Cisco recently issued a major security vulnerability announcement.
【CVE-2026-20180, CVSS: 9.9 and CVE-2026-20186, CVSS: 9.9】 Both are Remote Code Execution (RCE) vulnerabilities, allowing authenticated remote attackers to execute arbitrary commands on the underlying operating system of the affected device.
To exploit these vulnerabilities, the attacker must possess at least read-only administrator privileges.
【CVE-2026-20147, CVSS: 9.9】 This vulnerability allows authenticated remote attackers to execute arbitrary commands on the underlying operating system of the affected device. Successful exploitation requires the attacker to possess at least valid administrator credentials.