Forward Taiwan Computer Emergency Response Team / Coordination Center Information Security Alert TWCERTCC-200-202606-00000016

[Description]
Cisco Identity Services Engine (ISE) is an identity-based security management platform that collects information from networks and user devices and enforces policies and makes regulatory decisions within the network infrastructure.
Recently, Cisco released a critical security vulnerability advisory (CVE-2026-20181，CVSS：9.1). This vulnerability may allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system of affected devices. Note: To exploit this vulnerability, the attacker must possess valid administrator credentials.

[Affected Platform]
Cisco ISE and Cisco ISE-PIC 3.3 (inclusive) and earlier versions
Cisco ISE and Cisco ISE-PIC 3.4 versions
Cisco ISE and Cisco ISE-PIC 3.5 versions

[Recommended Measures]
Please update to Cisco ISE and Cisco ISE-PIC 3.3 Patch 11, Cisco ISE and Cisco ISE-PIC 3.4 Patch 6, Cisco ISE and Cisco ISE-PIC 3.5 Patch 4

[References]
https://www.twcert.org.tw/tw/cp-169-10984-5eafa-1.html