Cisco has issued a critical security advisory regarding its Identity Services Engine (ISE), warning of a pair of high-stakes vulnerabilities that could allow an attacker with even minimal access to seize full control of the platform. The flaws, tracked as CVE-2026-20180 and CVE-2026-20186, have been assigned a CVSS score of 9.9, underscoring the severe risk they pose to enterprise security hubs.
According to the advisory, these “multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device”.
The danger of these vulnerabilities lies in their low barrier to entry for an authenticated intruder. Unlike some administrative flaws that require high-level “Super Admin” rights, these bugs can be weaponized by those with minimal standing. Specifically, Cisco warns that “to exploit these vulnerabilities, the attacker must have at least Read Only Admin credentials”.
The issues are rooted in “insufficient validation of user-supplied input”. An attacker who has secured a foothold in the system can exploit this oversight by sending a crafted HTTP request directly to an affected ISE device.
“A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root,” Cisco researchers stated.
The advisory notes that “in single-node Cisco ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition”. In such a scenario, any endpoints that have not already been authenticated would be effectively locked out of the network until the node is restored to a functional state.
Cisco emphasizes that these vulnerabilities “affect Cisco ISE, regardless of device configuration”. Administrators are urged to transition to a fixed release branch as soon as possible to mitigate the risk of exploitation.
| Cisco ISE Release | First Fixed Release |
|---|---|
| Earlier than 3.2 | Migrate to a fixed release. |
| 3.2 | 3.2 Patch 8 |
| 3.3 | 3.3 Patch 8 |
| 3.4 | 3.4 Patch 4 |
| 3.5 | Not vulnerable. |
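
The fixed-release table above can be applied to a node inventory with a short triage script. This is an added example, not code from Cisco or the advisory; the version-string format, hostnames and function names are assumptions made for illustration, and it treats any patch number at or above the first fixed one as fixed.

```python
import re

# First fixed patch per release branch, copied from the advisory table above.
FIRST_FIXED_PATCH = {(3, 2): 8, (3, 3): 8, (3, 4): 4}
NOT_VULNERABLE = {(3, 5)}

# Assumed inventory format: "3.3 Patch 7", "3.4" or "3.2.0.542 Patch 8".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+)*(?:\s+patch\s+(\d+))?\s*$", re.I)

def triage(version):
    """Return (status, action) for one ISE version string."""
    m = VERSION_RE.match(version)
    if not m:
        return ("unknown", "unparseable version string, check manually")
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3)) if m.group(3) else 0  # no patch suffix = base release
    if branch in NOT_VULNERABLE:
        return ("not vulnerable", "none")
    if branch < (3, 2):
        return ("vulnerable", "migrate to a fixed release")
    if branch not in FIRST_FIXED_PATCH:
        # Branch does not appear in the advisory table; do not guess.
        return ("unknown", "release not listed in the advisory, check manually")
    fixed = FIRST_FIXED_PATCH[branch]
    if patch >= fixed:
        return ("fixed", "none")
    return ("vulnerable", f"install {branch[0]}.{branch[1]} Patch {fixed}")

def report(inventory):
    """Return (node, status, action) rows, vulnerable nodes first."""
    rows = [(node, *triage(ver)) for node, ver in inventory.items()]
    order = {"vulnerable": 0, "unknown": 1, "fixed": 2, "not vulnerable": 2}
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ise-pan-01": "3.3 Patch 7",
    "ise-psn-02": "3.2.0.542 Patch 8",
    "ise-lab-03": "3.1 Patch 9",
    "ise-psn-04": "3.4",
    "ise-new-05": "3.5 Patch 1",
}

if __name__ == "__main__":
    for node, status, action in report(SAMPLE):
        print(f"{node:12} {status:15} {action}")
```

Because the advisory says a single-node deployment can become unavailable on exploitation, nodes reported as vulnerable in single-node deployments are the ones to schedule first.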