5.3
CVE-2026-20195
- EPSS 0.28%
- Veröffentlicht 06.05.2026 16:14:54
- Zuletzt bearbeitet 29.06.2026 15:27:17
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Identity Services Engine Observable Response Discrepancy Vulnerability
A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Identity Services Engine Version <= 3.2.0
Cisco ≫ Identity Services Engine Version3.3.0 Update-
Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch1
Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch10
Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch2
Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch3
Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch4
Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch5
Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch6
Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch7
Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch8
Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch9
Cisco ≫ Identity Services Engine Version3.4.0 Update-
Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch1
Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch2
Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch3
Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch4
Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch5
Cisco ≫ Identity Services Engine Version3.5.0 Update-
Cisco ≫ Identity Services Engine Version3.5.0 Updatepatch1
Cisco ≫ Identity Services Engine Version3.5.0 Updatepatch2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.19 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-204 Observable Response Discrepancy
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb