CVE-2026-20195

Medienbericht

EPSS 0.04%
Veröffentlicht 06.05.2026 16:14:54
Zuletzt bearbeitet 06.05.2026 18:59:53
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco Identity Services Engine Observable Response Discrepancy Vulnerability

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.

This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco Identity Services Engine Software

Default Statusunknown

Version 3.3.0

Status affected

Version 3.3 Patch 2

Status affected

Version 3.3 Patch 1

Status affected

Version 3.3 Patch 3

Status affected

Version 3.4.0

Status affected

Version 3.3 Patch 4

Status affected

Version 3.4 Patch 1

Status affected

Version 3.3 Patch 5

Status affected

Version 3.3 Patch 6

Status affected

Version 3.4 Patch 2

Status affected

Version 3.3 Patch 7

Status affected

Version 3.4 Patch 3

Status affected

Version 3.5.0

Status affected

Version 3.4 Patch 4

Status affected

Version 3.3 Patch 8

Status affected

Version 3.5 Patch 1

Status affected

Version 3.3 Patch 9

Status affected

Version 3.4 Patch 5

Status affected

Version 3.5 Patch 3

Status affected

Version 3.5 Patch 2

Status affected

Version 3.3 Patch 10

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.112

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://www.heise.de/news/Cisco-Codeschmuggel-Leck-in-Unity-Connection-und-weitere-Luecken-11285115.html

Media Report

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb

https://nvd.nist.gov/vuln/detail/CVE-2026-20195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20195

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-20195