CVE-2026-20147
Cisco · Identity Services Engine (ISE) and ISE-PIC
Cisco ISE and ISE-PIC are vulnerable to OS command injection via crafted HTTP requests, allowing authenticated administrators to achieve root-level code execution and cause denial-of-service.
Executive summary
An authenticated remote command execution vulnerability in Cisco ISE and ISE-PIC poses a critical risk of full system compromise and service disruption.
Vulnerability
This vulnerability allows an authenticated remote attacker with valid administrative credentials to execute arbitrary OS commands due to insufficient input validation. Successful exploitation can lead to privilege escalation to root and, in single-node environments, a complete denial-of-service condition.
Business impact
The ability for an attacker to gain root access to an authentication server represents a catastrophic security failure. Given the CVSS score of 9.9, this vulnerability threatens the integrity and availability of the entire network access control infrastructure, potentially allowing lateral movement across the enterprise.
Remediation
Immediate Action: Update Cisco ISE and ISE-PIC to the latest patched versions provided by the vendor immediately.
Proactive Monitoring: Review administrative access logs for suspicious HTTP requests and monitor system resource usage for unexpected service interruptions.
Compensating Controls: Restrict access to the ISE management interface to known, trusted management subnets using network-level ACLs.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Organizations must prioritize the application of Cisco security patches to all affected ISE nodes. Given that administrative credentials are required for exploitation, ensure that Principle of Least Privilege is strictly enforced for all administrative accounts to minimize the attack surface.