Cisco has fixed a critical vulnerability in Identity Services Engine (ISE) and Identity Services Engine Passive Identity Connector (ISE-PIC) that allowed valid administrative users to eavesdrop sensitive files stored on servers.
Dubbed CVE-2026-20029, the bug has been found to result from the error in the XML parsing process in the web management interface. This bug has been rated with the potential for data exposure. The CVSS score for this bug is still in the process of being finalized.
They gain access to administrative credentials. The attacker now uploads an XML file that succeeds in making the application read arbitrary files on the OS. The attack could result in secrets like configuration information or credentials being exposed that are not meant for even administrative access.
“'Exploiting successfully gives attackers access to files they shouldn't,' Cisco said in its advisory notice, stressing that there is no workaround for the vulnerability.
All types and configurations of Cisco ISE and ISE PIC are affected. There are no other products affected according to the confirmation by the Product Security Incident Response Team (PSIRT) of Cisco. A Proof of concept exploit is available in the wild. According to PSIRT, there were no malicious attacks yet.
Researchers involved in the discovery include Bobby Gould of the Zero Day Initiative in Trend Micro. Companies that depend on the ISE for network access control, especially in the context of an enterprise/cloud environment, may be at risk if the ISE is not patched.
Patches and Upgrade for ISE Vulnerability
Cisco urges immediate upgrades. Here’s a breakdown of fixed releases:
| Cisco ISE/ISE-PIC Release | First Fixed Release |
|---|---|
| Earlier than 3.2 | Migrate to a fixed release |
| 3.2 | 3.2 Patch 8 |
| 3.3 | 3.3 Patch 8 |
| 3.4 | 3.4 Patch 4 |
| 3.5 | Not vulnerable |
Cisco’s support page guide to upgrade via Cisco’s ISE.
PSIRT only validates these releases:
ISE drives zero trust environments, and therefore this XXE injection being a nightmare in compliance intensive industries such as banking and healthcare can be paired with privilege escalation attacks by hackers using this CVE. It can be utilized as it has a proof of concept available.
👉🏻 Found this article interesting? Follow us on Facebook, Twitter and whatsapp to read more exclusive content we post.
