Detections
Analytics

Cisco Identity Services Engine (cisco-sa-ise-xxe-jWSbSDKt)

medium Nessus Plugin ID 282331

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco ISE is affected by a vulnerability.

 - A vulnerability in the licensing features ofCisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials. (CVE-2026-20029)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwq79739

See Also

http://www.nessus.org/u?04352427

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwq79739

Plugin Details

Severity: Medium

ID: 282331

File Name: cisco-sa-ise-xxe-jWSbSDKt.nasl

Version: 1.1

Type: local

Family: CISCO

Published: 1/7/2026

Updated: 1/7/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:N/A:N

CVSS Score Source: CVE-2026-20029

CVSS v3

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:identity_services_engine, cpe:/a:cisco:identity_services_engine_software, cpe:/h:cisco:identity_services_engine

Required KB Items: Host/Cisco/ISE/version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/7/2026

Vulnerability Publication Date: 1/7/2026

Reference Information

CVE: CVE-2026-20029

CWE: 611

CISCO-SA: cisco-sa-ise-xxe-jWSbSDKt

CISCO-BUG-ID: CSCwq79739