Cisco released security updates addressing a medium-severity flaw in its ISE and ISE-PIC products that could allow unauthorized access to sensitive data via XML parsing vulnerabilities. The flaws, along with issues in Snort 3, highlight the importance of updating affected Cisco systems to prevent exploitation. #CVE-2026-20029 #CiscoISE #Snort3
Keypoints
- Cisco fixed a vulnerability in ISE and ISE-PIC that could let attackers access sensitive system files.
- The flaw (CVE-2026-20029) impacts Cisco ISE and ISE-PIC versions earlier than 3.2, with patches available for later versions.
- Successful exploitation requires an attacker to have administrative privileges and involves malicious file uploads.
- Additional updates address two DCE/RPC-related vulnerabilities in Snort 3 that could cause information leaks or service disruption.
- The vulnerabilities affect Cisco Secure Firewall Threat Defense, IOS XE, and Meraki devices, emphasizing the need for timely updates.
Read More: https://thehackernews.com/2026/01/cisco-patches-ise-security.html