Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-rce-traversal-8bYndVrZ)

🗓️ 15 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 6 Views

Authenticated remote attacker can run commands as root, read files via path traversal, and cause denial of service on single-node ISE.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2026-20148
15 Apr 202616:03
attackerkb
ATTACKERKB		CVE-2026-20147
15 Apr 202616:03
attackerkb
Circl		CVE-2026-20147
15 Apr 202616:21
circl
Circl		CVE-2026-20148
15 Apr 202616:21
circl
Cisco		Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities
15 Apr 202616:00
cisco
CNNVD		Cisco ISE和Cisco ISE-PIC 安全漏洞
15 Apr 202600:00
cnnvd
CNNVD		Cisco ISE和Cisco ISE-PIC 安全漏洞
15 Apr 202600:00
cnnvd
CVE		CVE-2026-20147
15 Apr 202616:03
cve
CVE		CVE-2026-20148
15 Apr 202616:03
cve
Cvelist		CVE-2026-20147 Cisco Identity Services Engine Remote Code Execution Vulnerability
15 Apr 202616:03
cvelist
Rows per page
#TRUSTED a67e61e820ac9bda3dca49cfaac6e9ae33a7a134d1708200f77afd79b4a06c9eb2fab6991cfe282dfee2f35226d319ff3ca41210504e08b8fa2ccfd5d56e941cb5d1eff8ce5f4ebc1778e36c6c83c89849d80e31c3ff910c24b2e205d4b2127ac3d88c90de36b06cdb1c01cbf5167c5f7e24c05749a7d6243f88129418c43f7b52702ff1f6e6c88e84dfdaa293a9e4c9bb72eebb1c640926cf9e74ecbd89c0856e030435cddbee3c15242451beb713b1738576ef40533d35130301c441624406a97af0bc99bb90eda8a5b4bd571ec6919ed13069eae6631c373b43767fca3dac3c88f797f53a273269b87c0db4c98ccb919f411f64b8b886c77c096968e3dd6c263f86c78e1698163cbdca3dfac1b43f03b02b7f2f8a30f4f80571f899c6ab697ae06b064e9bc2901b9f139fc118dc6fccda42b6676698cbf0ee6d33461dc3fe8fd84f2801459d47bd4ddd860739b172a4b4bda06a9e4e8cc0c74e7b47bde1c90da46b1a7ea740f57940c32e16b7b7b5f6fd7dbf05f4139b69916eb9f80de604fc5761890e17f9824930e6d8906869a51ab8ad2de4baf3b87c1e6dec622a0db4d78eb03262f083a756fa202e0c5f96cc79138b346950d83e2950ab3b27fb85a16290bd6ebe14198321654298450b6534c460a0f25b944116d26a00857599842093dc4d82194aae8dbf71f6d28b627f5b15dec9930676b0971064eacebc4d5efb
#TRUST-RSA-SHA256 3fcfc3a48ea5ed2d4056e71f354caf43b1b891d98a5066f7a61f902215bc0718ff694e3f7319613e946a4eee90115bde7672b359232a16866860dbd7dc1d12188bf223f90b75b436e8d7b5f26306d30ae4e45c59417ea6a0803917c12e019c2c9c95eb435718511227b33f3eb06494043b28f563228d6b7f44e3dd8637766026815358b283f01680b34d243b56aaec8d60a96fe0d9d99b6e3445e83d16e50282b1fe5db58a6f3843b5cf1f7c401a4cb2e9dcfef8b81bcf102eeff4fd24a61edb21161b134cef581390a295d0fa31c357d9a67f3469a2fc59f74ab1a00fa7de99e55a09b0f147142d0101725188f00e0a644ee687c5a1a3b63d55da5d57a2d8156f926bf3382fd8abeaa046241a99025305d9c417a7df3f376f6aa52aaf7a9206f7ae94c9f2407d4d5b616d38d9cfb2c97c4e29467795f4decdaa4b06efd51720060fa7c1352a1a684f164a404eb052b9bf08d27d7820591a508b2d96a0941d6e32343f6b67f991e38f8c4c7317a288b8baa57a34b00f96e598c545c125b3af6b94feac865dd15c8ba1c226b949cbf884d4a9b05fc3236109c35dc68088cc064a9b1ffb770e400844fb0b7ca88261ce97836073fd1cc318a30ae925f31c1cf0acb63105d3101e33d0e7cd47d06ef5beb46caadebce96d547b8cb84959d12b7457965db11591a27235ce1f2141d5bb2fe7d0b51f3be31d69008558f7b66b1fdacf
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(306557);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/20");

  script_cve_id("CVE-2026-20147", "CVE-2026-20148");
  script_xref(name:"CISCO-BUG-ID", value:"CSCws52717");
  script_xref(name:"CISCO-BUG-ID", value:"CSCws52738");
  script_xref(name:"CISCO-SA", value:"cisco-sa-ise-rce-traversal-8bYndVrZ");
  script_xref(name:"IAVA", value:"2026-A-0357");

  script_name(english:"Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-rce-traversal-8bYndVrZ)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities.

  - A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute
    arbitrary commands on the underlying operating system of an affected device. To exploit this
    vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to
    insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a
    crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-
    level access to the underlying operating system and then elevate privileges to root. In single-node ISE
    deployments, successful exploitation of this vulnerability could cause the affected ISE node to become
    unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not
    already authenticated would be unable to access the network until the node is restored. (CVE-2026-20147)

  - A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform
    path traversal attacks on the underlying operating system and read arbitrary files. To exploit this
    vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to
    improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a
    crafted HTTP request to an affected system. A successful exploit could allow the attacker to access
    sensitive files on the affected system. (CVE-2026-20148)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5559402d");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws52717");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws52738");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCws52717, CSCws52738");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-20147");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(22, 77);

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine_software");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ise_detect.nbin");
  script_require_keys("Host/Cisco/ISE/version");

  exit(0);
}

include('ccf.inc');
include('cisco_ise_func.inc');

var product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');

product_info = strip_fourth_segment(product_info:product_info);

var vuln_ranges = [
 {'min_ver': '1.0', 'fix_ver': '3.1', 'required_patch': '11'},
 {'min_ver': '3.2', 'fix_ver': '3.2', 'required_patch': '10'},
 {'min_ver': '3.3', 'fix_ver': '3.3', 'required_patch': '11'},
 {'min_ver': '3.4', 'fix_ver': '3.4', 'required_patch': '6'},
 {'min_ver': '3.5', 'fix_ver': '3.5', 'required_patch': '3'}
];

var required_patch = get_required_patch(vuln_ranges:vuln_ranges, version:product_info['version']);

var reporting = make_array(
  'port'          , 0,
  'severity'      , SECURITY_HOLE,
  'version'       , product_info['version'],
  'bug_id'        , 'CSCws52717, CSCws52738',
  'disable_caveat', TRUE,
  'fix'           , 'See vendor advisory'
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges,
  required_patch:required_patch
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Apr 2026 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.19.9
EPSS0.00321
SSVC
Identity Services EnginePath traversalCommand executionRoot accessDenial of service
6