Cisco ISE
CVE-2026-20190
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description states unauthenticated remote attacker sending crafted traffic obtains sensitive data including hashed credentials - pure confidentiality impact, no integrity or availability effect, no scope change.
Primary rating from Vendor (cisco).
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device.
This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
AnalysisAI
Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unauthenticated remote attackers to retrieve sensitive data - including hashed credentials - by sending crafted traffic to an affected device. The root cause is missing authorization checks on a protected resource (CWE-285), making this an authentication-bypass-style information leak. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions - remote unauthenticated exploitation against default configurations of Cisco ISE and ISE-PIC, requiring only network reachability to the affected resource (CVSS AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N vector (7.5 High) is internally consistent with the description: network-reachable, no authentication, no user interaction, and pure confidentiality impact with no integrity or availability effect. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reachability to an ISE or ISE-PIC node sends a crafted HTTP(S) request to the vulnerable resource that omits or bypasses authorization, and the server returns sensitive data including hashed user credentials. The attacker then performs offline cracking or pass-the-hash/relay attacks against the recovered material to authenticate into AD-integrated systems, network devices managed via TACACS+, or the ISE admin plane itself. … |
| Remediation | Patch available per vendor advisory: upgrade Cisco ISE and ISE-PIC to the fixed release identified in cisco-sa-ise-multi-G5WP8vv (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv); the exact fixed version was not included in the input data and must be read from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Cisco ISE and ISE-PIC instances in production; immediately restrict network access to ISE systems to authorized administrative networks only using firewall rules; enable enhanced logging of all ISE resource access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary comman
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra
Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-P
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI
Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, aut
Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal a
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an au
Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADI
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today