CVE-2026-20029 (GCVE-0-2026-20029)
Vulnerability from cvelistv5
Published
2026-01-07 16:23
Modified
2026-01-07 16:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Summary
A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.
This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.1.0 Version: 3.1.0 p1 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.2.0 Version: 3.1.0 p4 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.2.0 p7 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.1.0 p10 Version: 3.3 Patch 5 Version: 3.3 Patch 6 Version: 3.4 Patch 2 Version: 3.3 Patch 7 Version: 3.4 Patch 3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T16:40:33.564050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:40:58.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.2.0 p7"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.1.0 p10"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
},
{
"status": "affected",
"version": "3.4 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 7"
},
{
"status": "affected",
"version": "3.4 Patch 3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the licensing features of\u0026nbsp;Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:23:43.372Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-xxe-jWSbSDKt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-jWSbSDKt"
}
],
"source": {
"advisory": "cisco-sa-ise-xxe-jWSbSDKt",
"defects": [
"CSCwq79739"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20029",
"datePublished": "2026-01-07T16:23:43.372Z",
"dateReserved": "2025-10-08T11:59:15.353Z",
"dateUpdated": "2026-01-07T16:40:58.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20029\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-07T16:40:33.564050Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-07T16:40:47.153Z\"}}], \"cna\": {\"title\": \"Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability\", \"source\": {\"defects\": [\"CSCwq79739\"], \"advisory\": \"cisco-sa-ise-xxe-jWSbSDKt\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Identity Services Engine Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.1.0\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p1\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p3\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p2\"}, {\"status\": \"affected\", \"version\": \"3.2.0\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p4\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p5\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p1\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p6\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p2\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p7\"}, {\"status\": \"affected\", \"version\": \"3.3.0\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p3\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p4\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p8\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p5\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p6\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p9\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 2\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 1\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 3\"}, {\"status\": \"affected\", \"version\": \"3.4.0\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p7\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 4\"}, {\"status\": \"affected\", \"version\": \"3.4 Patch 1\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p10\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 5\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 6\"}, {\"status\": \"affected\", \"version\": \"3.4 Patch 2\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 7\"}, {\"status\": \"affected\", \"version\": \"3.4 Patch 3\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\\r\\n\\r\\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-jWSbSDKt\", \"name\": \"cisco-sa-ise-xxe-jWSbSDKt\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the licensing features of\u0026nbsp;Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.\u0026nbsp;\\r\\n\\r\\nThis vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-611\", \"description\": \"Improper Restriction of XML External Entity Reference\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2026-01-07T16:23:43.372Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-20029\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-07T16:40:58.555Z\", \"dateReserved\": \"2025-10-08T11:59:15.353Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2026-01-07T16:23:43.372Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…