7.5
CVE-2026-20190
- EPSS 0.41%
- Veröffentlicht 17.06.2026 16:17:04
- Zuletzt bearbeitet 22.06.2026 14:30:44
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Identity Services Engine Information Disclosure Vulnerability
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Identity Services Engine Version3.4.0 Update-
Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch1
Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch2
Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch3
Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch4
Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch5
Cisco ≫ Identity Services Engine Version3.5.0 Update-
Cisco ≫ Identity Services Engine Version3.5.0 Updatepatch1
Cisco ≫ Identity Services Engine Version3.5.0 Updatepatch2
Cisco ≫ Identity Services Engine Passive Identity Connector Version3.4.0 Update-
Cisco ≫ Identity Services Engine Passive Identity Connector Version3.4.0 Updatepatch1
Cisco ≫ Identity Services Engine Passive Identity Connector Version3.4.0 Updatepatch2
Cisco ≫ Identity Services Engine Passive Identity Connector Version3.4.0 Updatepatch3
Cisco ≫ Identity Services Engine Passive Identity Connector Version3.4.0 Updatepatch4
Cisco ≫ Identity Services Engine Passive Identity Connector Version3.4.0 Updatepatch5
Cisco ≫ Identity Services Engine Passive Identity Connector Version3.5.0 Update-
Cisco ≫ Identity Services Engine Passive Identity Connector Version3.5.0 Updatepatch1
Cisco ≫ Identity Services Engine Passive Identity Connector Version3.5.0 Updatepatch2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.324 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv