Forwarded from TWCERT/CC Security Alert: TWCERTCC-200-202604-00000018
Cisco Identity Services Engine (ISE) is an identity-based security management platform that collects information from the network and user devices to implement policies and make regulatory decisions across the network infrastructure. Cisco recently released a security advisory for major vulnerabilities in the product.
【CVE-2026-20180, CVSS: 9.9 and CVE-2026-20186, CVSS: 9.9】 Both are Remote Code Execution (RCE) vulnerabilities that allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system of an affected device.
To successfully exploit these vulnerabilities, the attacker must possess at least read-only administrator privileges.
【CVE-2026-20147, CVSS: 9.9】 This vulnerability allows an authenticated remote attacker to execute arbitrary commands on the affected device's underlying operating system. A successful exploit requires the attacker to possess at least valid administrator credentials.