4.3

CVE-2026-20193

Medienbericht

Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device.

This vulnerability is due to improper role-based access control (RBAC) permissions on the RADIUS Policy API endpoints. An attacker could exploit this vulnerability by bypassing the web-based management interface and directly calling an affected endpoint. A successful exploit could allow the attacker to gain unauthorized read access to sensitive RADIUS Policy details that are restricted for their role.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIdentity Services Engine Version <= 3.2.0
CiscoIdentity Services Engine Version3.3.0 Update-
CiscoIdentity Services Engine Version3.3.0 Updatepatch1
CiscoIdentity Services Engine Version3.3.0 Updatepatch10
CiscoIdentity Services Engine Version3.3.0 Updatepatch2
CiscoIdentity Services Engine Version3.3.0 Updatepatch3
CiscoIdentity Services Engine Version3.3.0 Updatepatch4
CiscoIdentity Services Engine Version3.3.0 Updatepatch5
CiscoIdentity Services Engine Version3.3.0 Updatepatch6
CiscoIdentity Services Engine Version3.3.0 Updatepatch7
CiscoIdentity Services Engine Version3.3.0 Updatepatch8
CiscoIdentity Services Engine Version3.3.0 Updatepatch9
CiscoIdentity Services Engine Version3.4.0 Update-
CiscoIdentity Services Engine Version3.4.0 Updatepatch1
CiscoIdentity Services Engine Version3.4.0 Updatepatch2
CiscoIdentity Services Engine Version3.4.0 Updatepatch3
CiscoIdentity Services Engine Version3.4.0 Updatepatch4
CiscoIdentity Services Engine Version3.4.0 Updatepatch5
CiscoIdentity Services Engine Version3.5.0 Update-
CiscoIdentity Services Engine Version3.5.0 Updatepatch1
CiscoIdentity Services Engine Version3.5.0 Updatepatch2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.126
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
07.05.2026 09:25
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb
Vendor Advisory