Ruh-roh, there's a Cisco ISE bug POC on the loose
Briefly

"Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level privileges to access sensitive information - and warned that a public, proof-of-concept exploit for the flaw exists online. ISE is Cisco's network access control and security policy platform, and companies use it to centrally manage and enforce security policies across users and devices."
"The bug, tracked as CVE-2026-20029, received a medium-severity 4.9 CVSS rating and it affects ISE and ISE-PIC, regardless of device configuration. It's due to improper parsing of XML processed by ISE and ISE-PIC's web-based management interface. "An attacker could exploit this vulnerability by uploading a malicious file to the application," according to the Wednesday security advisory. "A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators.""
""This vulnerability does require authentication, so that's the first barrier to exploitation," ZDI's Head of Threat Awareness Dustin Childs told The Register, adding that ZDI doesn't expect to see widespread abuse of this flaw given its high-privilege requirements. But, assuming that an attacker stole or otherwise obtained admin credentials, they "could leak the contents of files on an affected system," Childs added."
Cisco patched a vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that permits authenticated admin-level users to access sensitive files. The flaw, CVE-2026-20029, has a CVSS score of 4.9 and stems from improper parsing of XML in the web-based management interface. An attacker can exploit the issue by uploading a malicious file to cause arbitrary file reads from the underlying operating system, potentially exposing data that should be inaccessible even to administrators. Exploitation requires authentication, reducing the likelihood of widespread abuse, but stolen admin credentials would enable data leakage. A public proof-of-concept exploit exists online; no in-the-wild abuse has been reported yet.
Read at The Register