Critical vulnerability alert on Cisco ISE: Enterprises urgently need to update
- Thảo Nguyên

Cisco has issued an urgent advisory regarding critical security vulnerabilities within the Cisco Identity Services Engine (ISE) identity management system and the ISE Passive Identity Connector (ISE-PIC) solution. These flaws could allow attackers to remotely control systems or steal sensitive internal data, posing a direct threat to the information security of enterprise networks.
Inside the two critical security vulnerabilities on Cisco ISE
The advisory covers two vulnerabilities in Cisco ISE, with differing characteristics and severity levels:
1. Remote Code Execution (RCE) vulnerability - CVE-2026-20181
This is the most critical flaw in this advisory, arising from the system's failure to properly validate user-supplied input.
Exploitation method: An attacker who already possesses an account with administrative privileges could exploit this flaw by sending a specially crafted HTTP request to the system.
Impact: Upon successful exploitation, attackers can execute arbitrary commands directly on the device's operating system. From their initial standard privileges, they can escalate to the highest privilege level (root) to gain complete control over the device. For network deployments utilizing a single-node architecture, this flaw can also trigger a Denial of Service (DoS) condition, completely preventing new devices from authenticating and joining the network until the system is restored.
2. Data leakage vulnerability - CVE-2026-20190
The second flaw involves improper validation and authorization checks within the system.
Exploitation method: Unlike the aforementioned RCE bug, this vulnerability can be exploited by a remote attacker who does not possess any authenticated account.
Impact: By utilizing pre-crafted requests, malicious actors can access and extract sensitive information stored on the device, including hashed credentials. This data can subsequently be leveraged for follow-up attacks, increasing the risk of lateral movement and deeper penetration into other internal network segments.

Technical specifications and affected scope
Advisory ID: cisco-sa-ise-multi-G5WP8vv (Published on June 17, 2026).
Severity: Evaluated with a very high CVSS score of 9.1.
Affected scope: All versions of Cisco ISE and ISE-PIC are affected by these vulnerabilities, regardless of the system configuration. However, the specific impact may vary depending on the software version the enterprise is running.
Remediation and security recommendations
Patches from Cisco
Cisco has not provided any temporary workarounds, so updating the software to a new version is the only and most effective way to eliminate the risk. The company has released specific patches for each version as follows:
ISE 3.3: Update to Patch 11
ISE 3.4: Update to Patch 6
ISE 3.5: Patch 4 (scheduled for release in August 2026).
Note: For organizations operating older versions, the mandatory solution is to upgrade the system to currently supported versions.
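The patch levels above can be turned into a fleet triage check. The following is an added example, not code from Cisco or from this article; the inventory rows and build numbers are constructed, and the 1 August 2026 cut-off for ISE 3.5 is an assumed stand-in for the "August 2026" release window.

```python
import re
from datetime import date

# Fixed patch levels exactly as listed in the article above.
FIXED_PATCH = {"3.3": 11, "3.4": 6, "3.5": 4}
# Assumption: the article only says "August 2026" for the 3.5 fix.
PENDING_UNTIL = {"3.5": date(2026, 8, 1)}

def triage(release, patch, today):
    """Return the action for one node: OK, PATCH, WAIT, UPGRADE or REVIEW."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        return "REVIEW: unparseable release string"
    major, minor = int(m.group(1)), int(m.group(2))
    train = f"{major}.{minor}"
    if train not in FIXED_PATCH:
        if (major, minor) < (3, 3):
            return "UPGRADE: no fix listed, move to a supported release"
        return "REVIEW: release not covered here, check the advisory"
    need = FIXED_PATCH[train]
    if patch >= need:
        return "OK"
    if train in PENDING_UNTIL and today < PENDING_UNTIL[train]:
        return f"WAIT: Patch {need} not yet released, apply hardening meanwhile"
    return f"PATCH: install Patch {need}"

def parse_inventory(text):
    """Parse 'hostname, release, installed patch' rows."""
    rows = []
    for line in text.strip().splitlines():
        host, release, patch = [field.strip() for field in line.split(",")]
        rows.append((host, release, int(patch)))
    return rows

# Constructed inventory; hostnames and build numbers are illustrative only.
INVENTORY = """
ise-pan-01, 3.3.0.100, 11
ise-psn-02, 3.3.0.100, 7
ise-psn-03, 3.4.0.100, 5
ise-lab-04, 3.5.0.100, 1
ise-old-05, 3.1.0.100, 9
"""

def report(today):
    return {h: triage(r, p, today) for h, r, p in parse_inventory(INVENTORY)}

if __name__ == "__main__":
    for host, action in report(date(2026, 6, 20)).items():
        print(f"{host:12} {action}")
```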
Defensive recommendations for enterprises
Although Cisco states that there have been no documented signs of these vulnerabilities being exploited in the wild, given their dangerous nature and the relatively low barrier to execution, organizations are strongly advised to prioritize early remediation.
Alongside applying the patches, experts recommend that enterprises implement additional protective measures:
Restrict and limit administrative access, allowing connections only from trusted internal network zones.
Enhance system log monitoring to promptly detect anomalous HTTP requests.
Thoroughly audit user authentication activities and privilege escalation behaviors on devices.
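One way to check the first two recommendations against web access logs is sketched below. This is an added example, not part of the original article or any Cisco tooling; the trusted ranges, the `/admin/` path prefix, the burst threshold and the log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed trusted management zones; replace with your own ranges.
TRUSTED_ZONES = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.8.0/28")]
ADMIN_PREFIX = "/admin/"  # hypothetical admin path as seen by the logging proxy
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def audit(log_text, burst=3):
    """Return (line_no, reason) findings for admin-interface requests."""
    findings, anon = [], Counter()
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        m = LINE.match(line)
        if not m:
            findings.append((n, "unparseable line"))
            continue
        src, user, _method, path, _status = m.groups()
        if not path.startswith(ADMIN_PREFIX):
            continue
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            findings.append((n, f"non-IP source {src}"))
            continue
        if not any(ip in zone for zone in TRUSTED_ZONES):
            findings.append((n, f"untrusted source {src}"))
        if user == "-":  # no authenticated user recorded for this request
            anon[src] += 1
            if anon[src] == burst:
                findings.append((n, f"{burst} unauthenticated requests from {src}"))
    return findings

# Constructed sample in combined log format; not taken from a real device.
SAMPLE = """
10.20.0.15 - alice [17/Jun/2026:09:01:02 +0000] "GET /admin/login HTTP/1.1" 200 5120
10.20.0.15 - alice [17/Jun/2026:09:01:09 +0000] "POST /admin/settings HTTP/1.1" 200 812
198.51.100.7 - bob [17/Jun/2026:09:04:30 +0000] "POST /admin/settings HTTP/1.1" 200 640
10.30.4.9 - - [17/Jun/2026:09:05:01 +0000] "GET /admin/a HTTP/1.1" 401 310
10.30.4.9 - - [17/Jun/2026:09:05:02 +0000] "GET /admin/b HTTP/1.1" 401 310
10.30.4.9 - - [17/Jun/2026:09:05:03 +0000] "GET /admin/c HTTP/1.1" 401 310
10.20.8.3 - carol [17/Jun/2026:09:06:00 +0000] "GET /portal/guest HTTP/1.1" 200 900
"""

if __name__ == "__main__":
    for line_no, reason in audit(SAMPLE):
        print(f"line {line_no}: {reason}")
```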
The core role of Identity Management Systems
This security incident once again underscores the critical importance of identity management infrastructure in safeguarding enterprise information security. When this control system is compromised, the consequences for the internal network are exceptionally severe.

It is understood that the above vulnerabilities were discovered and reported by security researchers from TrendAI, STAR Labs, and the Zero Day Initiative. This coordination reflects responsible disclosure efforts aimed at protecting the tech community from cyber threats.
IPSIP Vietnam: Partnering for comprehensive enterprise network infrastructure protection
Faced with increasingly complex security challenges like this Cisco ISE incident, IPSIP Vietnam is proud to be a leading, reputable provider supporting businesses and organizations in proactively auditing their entire software estate and scheduling immediate deployment of appropriate patches to secure their data and network infrastructure.

As an international-standard technology partner possessing prestigious certifications such as ISO 27001:2022 and SOC 2 Type II, IPSIP delivers a comprehensive ecosystem of IT and Cybersecurity solutions that optimize costs and enhance defensive capabilities:
Security Operations Center (SOC 24/7): An in-depth security shield providing continuous data monitoring, proactive detection, prevention, and ultra-fast Incident Response for cyber incidents with a response time of under 15 minutes.
Network Operations Center (NOC 24/7): Proactive monitoring and remote operational management services for IT infrastructure, committed to maintaining continuous system operations with absolute Uptime.
FlexSecure 360 Solution for SMEs: A comprehensive security ecosystem custom-designed and personalized for small and medium-sized enterprises, optimizing cybersecurity costs by up to 40%.
Outsourced IT Support / IT Helpdesk Services: A team of highly skilled technical experts to replace or support an enterprise's internal IT department in carrying out routine maintenance, hardware/software troubleshooting, and periodic system upgrades.
Privileged Access Management (PAM/Bastion) & Multi-Factor Authentication (MFA) Solutions: Strictly control user privileges and tighten system authentication security, completely neutralizing the risk of attackers escalating privileges to root.
Cybersecurity Solution Consulting & Training: Periodic Vulnerability Assessments, designing secure network infrastructure architecture, and organizing security awareness training for corporate staff.
Armed with superior technical capabilities and a global mindset, IPSIP Vietnam is committed to standing alongside businesses to build a robust, multi-layered security shield, ensuring absolute safety against all risks of data leaks and network intrusion.







