Cisco Identity Services Engine, authenticated OS command injection (Cisco ISE Command Injection)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to execute arbitrary operating system commands on the underlying device. The flaw is due to insufficient validation of user-supplied input in HTTP requests. An attacker with valid administrative credentials could send a crafted HTTP request to obtain user-level command execution and then escalate privileges to root.
Overview
CVE-2026-20147 is a critical command injection vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC). ISE is a network access control and policy platform that authenticates and authorizes endpoints across enterprise networks, making it a high-value target. An authenticated, remote attacker holding valid administrative credentials can send a crafted HTTP request to execute arbitrary commands on the underlying operating system, initially at user level and then escalating to root. The National Vulnerability Database assigns a CVSS v3.1 base score of 9.9 (critical), and Cisco's own Product Security Incident Response Team assigned the same score and vector.
Technical Details
The root cause is insufficient validation of user-supplied input contained in HTTP requests handled by the management interface, classified as CWE-77 (Improper Neutralization of Special Elements used in a Command). Input that should be treated as inert data is instead passed into a context where it is interpreted by the operating system command processor, allowing an attacker to inject and run additional commands.
Exploitation requires authentication with valid administrative credentials, which is why the CVSS vector specifies low privileges required (PR:L) rather than none. However, the scope is marked changed (S:C) because the vulnerable web application runs with elevated rights and the injected commands break out of the application sandbox to affect the host operating system; Cisco notes the attacker can escalate from user-level execution to root. In single-node deployments, an attacker could also render the node unavailable, producing a denial-of-service condition for authentication services that depend on it. Cisco lists no workarounds; the only remediation is to upgrade to a fixed software release. The fixed releases are ISE 3.1 Patch 11, 3.2 Patch 10, 3.3 Patch 11, 3.4 Patch 6, and 3.5 Patch 3 (and later). Releases earlier than 3.1 are affected and have no fix on that train, so they must be migrated to a fixed release.
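The CWE-77 pattern described above, illustrated with an added Python example (not Cisco's code; the real ISE handler is not public). It assumes a hypothetical diagnostic action in which an administrator supplies a host name to ping, and contrasts the vulnerable string-splicing approach with an allow-list validator plus an argv list, which is the standard remediation for this class of flaw:

```python
import re
import subprocess

# Hypothetical management action: an admin enters a host to ping for diagnostics.
# Assumption for illustration only; ISE's actual request handling is not shown here.


def build_command_unsafely(host: str) -> str:
    # Vulnerable pattern: the raw value is spliced into a string that would be handed
    # to a shell (e.g. subprocess.run(cmd, shell=True)). The shell parses ';', '&&',
    # '|', '`' and '$()' inside the value, so attacker data becomes a second command.
    return f"ping -c 1 {host}"


# Allow-list: letters, digits, dots and hyphens, must not start with '-' so the value
# can never be read as an option by the target binary (argument injection).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def build_command_safely(host: str) -> list[str]:
    # Hardened pattern: reject anything outside the allow-list, then return an argv
    # list. With shell=False no command interpreter ever sees the value, so shell
    # metacharacters are inert even if validation were later relaxed.
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["ping", "-c", "1", host]


def run_diagnostic(host: str) -> subprocess.CompletedProcess:
    # The only place the command is executed: argv list, no shell, bounded runtime.
    return subprocess.run(build_command_safely(host), shell=False,
                          capture_output=True, text=True, timeout=10)


if __name__ == "__main__":
    print(build_command_unsafely("8.8.8.8; id"))      # shows the injected command
    print(build_command_safely("ise.example.test"))   # argv list, safe to execute
```

The validator deliberately rejects a leading hyphen: a value such as "-f" passes a naive "no metacharacters" check yet would still be interpreted as a flag by the invoked binary, so both the character set and the first character matter.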
Impact
- Authenticated administrators can achieve arbitrary OS command execution on the ISE/ISE-PIC appliance and escalate to root.
- Full compromise of the network access control plane: an attacker could alter authentication and authorization policies, harvest credentials and certificates, and pivot to managed network infrastructure.
- Denial of service for single-node deployments if the node is taken offline, disrupting network authentication for all dependent endpoints.
- High impact to confidentiality, integrity, and availability, with scope extending beyond the application to the host operating system.
Mitigation
- Upgrade Cisco ISE to a fixed release: 3.1 Patch 11, 3.2 Patch 10, 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3 (or any later release).
- For deployments running a release earlier than 3.1, migrate to one of the fixed releases above; no patch is available for pre-3.1 trains.
- There are no workarounds; do not rely on configuration changes in place of patching.
- Restrict access to the ISE web-based management interface to a dedicated, trusted management network and limit it with infrastructure access control lists so only authorized administrators can reach it.
- Enforce least privilege for ISE administrative accounts, audit existing admin accounts, and require multi-factor authentication for administrator logins to reduce the chance of credential abuse.
Detection
Exploitation requires an authenticated administrative session, so detection should begin with the ISE administrative audit logs. Correlate the timeline of administrative logins with any unusual activity: a legitimate-looking admin session that is immediately followed by abnormal system behavior is a primary indicator. Review the ISE operational and system logs for unexpected process execution, new files in administrator-writable locations, or services restarting without a corresponding change-management record. Because the attack escalates to root, any evidence of root-level actions not tied to a documented maintenance window deserves scrutiny.
At the network layer, monitor HTTP requests to the management interface for anomalous payloads. Command injection attempts frequently contain shell metacharacters such as semicolons, pipes, backticks, ampersands, $(...) constructs, or newline-encoded sequences inside parameter values that normally carry simple strings. A web application firewall or TLS-terminating proxy in front of the management interface can log full request bodies; flag requests whose parameters include ;, |, &&, ||, or references to binaries like sh, bash, id, whoami, curl, wget, nc, or ping. Requests originating from outside the designated management network are themselves suspicious and should be alerted on regardless of payload.
On the host, watch for the web application's worker process spawning child shells or networking utilities, an activity pattern that the appliance should never exhibit during normal operation. Outbound connections from the ISE node to unfamiliar destinations may indicate a reverse shell or data exfiltration following successful injection.
After patching, treat any node that was internet-reachable or that shows the indicators above as potentially compromised: validate the integrity of policy configuration, rotate administrative credentials and any certificates or shared secrets stored on the appliance, and confirm that no unauthorized admin accounts or scheduled tasks were created. Cisco confirmed the issue through internal security testing and is not aware of public exploitation as of the advisory, but ISE's central role in network access control makes proactive monitoring essential. Retain administrative and system logs for forensic review, and prioritize upgrading any node exposed beyond the management network.