Cisco ISE and ISE-PIC Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). This vulnerability allows an authenticated, remote attacker to read arbitrary files from the underlying operating system of the affected device. The issue arises from improper validation of user-supplied input; an attacker can exploit it by sending crafted HTTP requests. Successful exploitation could grant access to sensitive files on the system.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the affected system.

Remediation

Cisco has released software updates to address this vulnerability. For instructions on upgrading, refer to the Upgrade Guides on the Cisco Identity Services Engine support page. Customers should contact the Cisco Technical Assistance Center (TAC) for upgrade assistance if needed.

Added: Apr 15, 2026, 5:45 PM
Updated: Apr 15, 2026, 5:45 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 0.8
exploitability: 4.4
remediation: 0.0
relevance: 5.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.