【Vulnerability Alert】Cisco Identity Services Has a Critical Cybersecurity Vulnerability (CVE-2026-20181)
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026062310063636 | Publication Time | 2026-06-23 10:47:37 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026-06-23 10:47:37 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Cisco Identity Services Has a Critical Cybersecurity Vulnerability (CVE-2026-20181) |
|||
| [Content]
Forwarded from TWCERTCC Security Advisory TWCERTCC-200-202606-00000016 Cisco Identity Services Engine (ISE) is an identity-based security management platform under Cisco. It can collect information from networks and user devices, and implement policies and make regulatory decisions within the network infrastructure. Recently, Cisco released a critical security vulnerability advisory (CVE-2026-20181, CVSS: 9.1). This vulnerability may allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the affected device. Remark: To exploit this vulnerability, the attacker must possess valid administrator credentials.
Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed) |
|||
| [Affected Platform]
Cisco ISE and Cisco ISE-PIC version 3.3 and earlier Cisco ISE and Cisco ISE-PIC version 3.4 Cisco ISE and Cisco ISE-PIC version 3.5 |
|||
|
[Recommended Actions] Please update to Cisco ISE and Cisco ISE-PIC 3.3 Patch 11, Cisco ISE and Cisco ISE-PIC 3.4 Patch 6, and Cisco ISE and Cisco ISE-PIC 3.5 Patch 4. |
|||
|
[Reference] |
|||
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw