PT-2026-60218 · Cisco · Cisco Ise Passive Identity Connector+1
Published
2026-07-15
·
Updated
2026-07-15
·
CVE-2026-20146
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Identity Services Engine versions prior to 3.3
Cisco Identity Services Engine versions 3.3 through 3.3 before Patch 12
Cisco Identity Services Engine versions 3.4 through 3.4 before Patch 7
Cisco Identity Services Engine versions 3.5 through 3.5 before Patch 4
Cisco ISE Passive Identity Connector (affected versions not specified)
Description
An authenticated remote attacker with administrative credentials can perform path traversal attacks on the underlying operating system by sending a crafted HTTP request. This issue stems from improper validation of user-supplied input, which could allow the attacker to read or delete arbitrary sensitive files.
Recommendations
Migrate deployments earlier than version 3.3 to a supported fixed release.
Update to version 3.3 Patch 12 or apply the available hot patch.
Update to version 3.4 Patch 7 or apply the available hot patch.
Update to version 3.5 Patch 4 or apply the available hot patch.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Ise Passive Identity Connector
Identity Services Engine