Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202604-00000018
[Content Description]
Cisco Identity Services Engine (ISE) is an identity-based security management platform that collects information from networks and user devices, implements policies, and makes regulatory decisions within the network infrastructure. Cisco recently released an announcement of major security vulnerabilities.
【CVE-2026-20180, CVSS: 9.9 and CVE-2026-20186, CVSS: 9.9】These are remote code execution vulnerabilities that allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system of an affected device.
Successful exploitation of these vulnerabilities requires the attacker to have at least read-only administrator privileges.
【CVE-2026-20147, CVSS: 9.9】This vulnerability allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of an affected device. Successful exploitation requires the attacker to possess at least valid administrator credentials.
[Affected Platforms]
Cisco ISE versions 3.2 and earlier
Cisco ISE version 3.2
Cisco ISE version 3.3
Cisco ISE version 3.4
Cisco ISE or Cisco ISE-PIC versions 3.1 and earlier
Cisco ISE or Cisco ISE-PIC version 3.2
Cisco ISE or Cisco ISE-PIC version 3.3
Cisco ISE or Cisco ISE-PIC version 3.4
Cisco ISE or Cisco ISE-PIC version 3.5
[Recommended Actions]
Please update to the following versions:
【CVE-2026-20180, CVE-2026-20186】Cisco ISE 3.2 Patch 8; Cisco ISE 3.3 Patch 8; Cisco ISE 3.4 Patch 5
【CVE-2026-20147】Cisco ISE or Cisco ISE-PIC 3.1 Patch 11; Cisco ISE or Cisco ISE-PIC 3.2 Patch 10; Cisco ISE or Cisco ISE-PIC 3.3 Patch 11; Cisco ISE or Cisco ISE-PIC 3.4 Patch 6; Cisco ISE or Cisco ISE-PIC 3.5 Patch 3
Note: Cisco ISE-PIC is no longer sold; version 3.4 is the last supported version.
[References]
1. https://www.twcert.org.tw/tw/cp-169-10849-9d3d6-1.html