Cisco Urges Critical Updates for ISE and Snort 3 to Fix Security Flaws

Cisco Releases Critical Security Updates for ISE and Snort 3 to Address Vulnerabilities

Cisco has recently issued critical security updates to address vulnerabilities in its Identity Services Engine (ISE) and Snort 3 Detection Engine. These updates are crucial for maintaining the security and integrity of network infrastructures utilizing these products.

CVE-2026-20029: ISE Licensing Feature Vulnerability

A medium-severity vulnerability, identified as CVE-2026-20029 with a CVSS score of 4.9, has been discovered in the licensing feature of Cisco’s ISE and ISE Passive Identity Connector (ISE-PIC). This flaw arises from improper XML parsing within the web-based management interface of these systems. An authenticated remote attacker with administrative privileges could exploit this vulnerability by uploading a malicious file, potentially gaining access to sensitive information on the underlying operating system—data that should remain inaccessible even to administrators.

Bobby Gould of Trend Micro's Zero Day Initiative reported this issue. The affected versions include:

– Cisco ISE or ISE-PIC releases earlier than 3.2: Users are advised to migrate to a fixed release.
– Cisco ISE or ISE-PIC Release 3.2: Fixed in Patch 8.
– Cisco ISE or ISE-PIC Release 3.3: Fixed in Patch 8.
– Cisco ISE or ISE-PIC Release 3.4: Fixed in Patch 4.
– Cisco ISE or ISE-PIC Release 3.5: Not vulnerable.

Cisco has acknowledged the existence of a public proof-of-concept (PoC) exploit for this vulnerability but has found no evidence of its exploitation in the wild. There are no available workarounds; therefore, applying the provided patches is essential to mitigate this risk.
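Because there is no workaround, the practical question for an operator is which ISE and ISE-PIC nodes still sit below the fixed patch level listed above. The following Python script is an added example, not Cisco's tooling: it encodes the advisory's fixed-release table and classifies each node in an inventory. The version string formats it accepts ("3.2", "3.2.0.542 Patch 8", "3.4p4") and the hostnames in the sample inventory are assumptions constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Fixed patch level per ISE / ISE-PIC release train, taken from the advisory
# summary above. 0 means the train was never vulnerable (3.5).
FIXED_PATCH: Dict[Tuple[int, int], int] = {
    (3, 2): 8,
    (3, 3): 8,
    (3, 4): 4,
    (3, 5): 0,
}
OLDEST_FIXABLE_TRAIN = (3, 2)  # earlier trains have no patch and must migrate

# Assumed version grammar (not a Cisco-documented format): "3.2", "3.2.0.542",
# "3.3 Patch 7", "3.4.0.608 Patch 4", "3.2p8". A missing patch level means 0.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.\d+)*\s*(?:(?:patch\s*|p)(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Tuple[Tuple[int, int], int]:
    """Return ((major, minor), patch) or raise ValueError on unrecognised input."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    train = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3)) if m.group(3) else 0
    return train, patch


def cve_2026_20029_status(text: str) -> str:
    """Classify one ISE / ISE-PIC node against the advisory's fixed releases.

    Returns one of:
      "not_vulnerable" - release train was never affected (3.5)
      "fixed"          - affected train, at or above the fixed patch level
      "apply_patch"    - affected train, below the fixed patch level
      "migrate"        - train earlier than 3.2; no patch exists, upgrade needed
      "unlisted"       - train newer than anything the advisory lists; re-check
    """
    train, patch = parse_version(text)
    if train < OLDEST_FIXABLE_TRAIN:
        return "migrate"
    if train not in FIXED_PATCH:
        return "unlisted"
    fixed = FIXED_PATCH[train]
    if fixed == 0:
        return "not_vulnerable"
    return "fixed" if patch >= fixed else "apply_patch"


def nodes_needing_action(
    inventory: List[Tuple[str, str]]
) -> List[Tuple[str, str, str]]:
    """Return (hostname, version, status) for every node that still needs work."""
    out: List[Tuple[str, str, str]] = []
    for host, version in inventory:
        status = cve_2026_20029_status(version)
        if status in ("apply_patch", "migrate"):
            out.append((host, version, status))
    return out


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("ise-pan-01", "3.2.0.542 Patch 8"),
    ("ise-psn-02", "3.3 Patch 7"),
    ("ise-pic-01", "3.4p4"),
    ("ise-legacy", "3.1 Patch 9"),
    ("ise-new", "3.5"),
]

if __name__ == "__main__":
    for host, version, status in nodes_needing_action(SAMPLE_INVENTORY):
        print(f"{host:12s} {version:20s} {status}")
```

The comparison is deliberately per release train rather than a single linear ordering, because the fixed patch number differs between trains (Patch 8 on 3.2 and 3.3, Patch 4 on 3.4); a node on 3.4 Patch 5 is fixed while a node on 3.3 Patch 5 is not. Trains the advisory does not mention are reported as "unlisted" instead of being guessed either way.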

Additional Vulnerabilities in Snort 3 Detection Engine

In addition to the ISE vulnerability, Cisco has addressed two medium-severity flaws in the Snort 3 Detection Engine, both related to the processing of Distributed Computing Environment Remote Procedure Call (DCE/RPC) requests:

1. CVE-2026-20026: This vulnerability, with a CVSS score of 5.8, could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition by forcing the Snort 3 Detection Engine to restart unexpectedly, thereby impacting system availability.

2. CVE-2026-20027: Assigned a CVSS score of 5.3, this flaw could enable an unauthenticated remote attacker to leak sensitive information by exploiting the Snort 3 Detection Engine’s handling of DCE/RPC requests.

These vulnerabilities affect several Cisco products, including:

– Cisco Secure Firewall Threat Defense (FTD) Software, if Snort 3 is configured.
– Cisco IOS XE Software.
– Cisco Meraki software.

Trend Micro researcher Guy Lederfein reported these issues. Cisco has released fixed software for the affected products, and users are strongly encouraged to update their systems promptly.

The Importance of Timely Updates

Cisco products are frequently targeted by malicious actors due to their widespread use in critical network infrastructures. The timely application of security updates is paramount to protect systems from potential exploits. Organizations should prioritize these updates to safeguard their networks against unauthorized access and potential service disruptions.

Conclusion

The recent vulnerabilities in Cisco’s ISE and Snort 3 Detection Engine underscore the importance of proactive security measures. By promptly applying the provided patches, organizations can mitigate the risks associated with these flaws and maintain the integrity and availability of their network services.