5.3

CVE-2026-20195

Medienbericht

Cisco Identity Services Engine Observable Response Discrepancy Vulnerability

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.

This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIdentity Services Engine Version <= 3.2.0
CiscoIdentity Services Engine Version3.3.0 Update-
CiscoIdentity Services Engine Version3.3.0 Updatepatch1
CiscoIdentity Services Engine Version3.3.0 Updatepatch10
CiscoIdentity Services Engine Version3.3.0 Updatepatch2
CiscoIdentity Services Engine Version3.3.0 Updatepatch3
CiscoIdentity Services Engine Version3.3.0 Updatepatch4
CiscoIdentity Services Engine Version3.3.0 Updatepatch5
CiscoIdentity Services Engine Version3.3.0 Updatepatch6
CiscoIdentity Services Engine Version3.3.0 Updatepatch7
CiscoIdentity Services Engine Version3.3.0 Updatepatch8
CiscoIdentity Services Engine Version3.3.0 Updatepatch9
CiscoIdentity Services Engine Version3.4.0 Update-
CiscoIdentity Services Engine Version3.4.0 Updatepatch1
CiscoIdentity Services Engine Version3.4.0 Updatepatch2
CiscoIdentity Services Engine Version3.4.0 Updatepatch3
CiscoIdentity Services Engine Version3.4.0 Updatepatch4
CiscoIdentity Services Engine Version3.4.0 Updatepatch5
CiscoIdentity Services Engine Version3.5.0 Update-
CiscoIdentity Services Engine Version3.5.0 Updatepatch1
CiscoIdentity Services Engine Version3.5.0 Updatepatch2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.19
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
07.05.2026 09:25
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb
Vendor Advisory