CVE-2026-20181— Cisco Identity Services Engine Software 路径遍历漏洞
可能的 ATT&CK 技术 1AI
T1190 · Exploit Public-Facing Application影响版本矩阵 49
| 厂商 | 产品 | 版本范围 | 状态 |
|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software | 3.1.0 | affected |
3.1.0 p1 | affected | ||
3.1.0 p3 | affected | ||
3.1.0 p2 | affected | ||
3.2.0 | affected | ||
3.1.0 p4 | affected | ||
3.1.0 p5 | affected | ||
3.2.0 p1 | affected | ||
| … +36 条更多 | |||
| Cisco | Cisco ISE Passive Identity Connector | 3.2.0 | affected |
3.1.0 | affected | ||
3.3.0 | affected | ||
3.4.0 | affected | ||
3.5.0 | affected | ||
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-20181 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cisco Identity Services Engine Remote Code Execution Vulnerability
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
对路径名的限制不恰当(路径遍历)
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Cisco Identity Services Engine Software 路径遍历漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Cisco identity services engine software是美国Cisco公司的一套身份管理服务平台。 Cisco Identity Services Engine Software存在路径遍历漏洞,该漏洞源于用户输入验证不足,可能导致经过身份验证的远程攻击者执行任意命令,并提升权限至root,在单节点部署中还可能导致拒绝服务。以下版本受到影响:Cisco Identity Services Engine Software 3.1.0版本、3.1.0 p1版本、3.1.0 p3版本、3
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software | 3.1.0 | - | |
| Cisco | Cisco ISE Passive Identity Connector | 3.2.0 | - |
二、漏洞 CVE-2026-20181 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-20181 的情报信息
请登录查看更多情报信息。
CVE-2026-20181 厂商安全公告 (1)
同批安全公告 · Cisco · 2026-06-17 · 共 5 条
| CVE-2026-20190 | 7.5 HIGH | Cisco Identity Services Engine Software 授权问题漏洞 |
| CVE-2026-20220 | 6.3 MEDIUM | Cisco Crosswork Network Change Automation 输入验证错误漏洞 |
| CVE-2026-20246 | 6.0 MEDIUM | Cisco Umbrella Insights Virtual Appliance 权限许可和访问控制问题漏洞 |
| CVE-2026-20178 | 4.3 MEDIUM | Cisco Webex App URL参数验证缺陷致重定向 |
IV. Related Vulnerabilities
Same vendor: Cisco
V. Comments for CVE-2026-20181
暂无评论