Skip to main content

Cisco ISE CVE-2026-20190

HIGH
Improper Authorization (CWE-285)
2026-06-17 cisco
7.5
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
7.5 HIGH

Description states unauthenticated remote attacker sending crafted traffic obtains sensitive data including hashed credentials - pure confidentiality impact, no integrity or availability effect, no scope change.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (cisco).

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 17, 2026 - 16:54 vuln.today
CVE Published
Jun 17, 2026 - 16:17 cve.org
HIGH 7.5

DescriptionCVE.org

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device.

This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.

AnalysisAI

Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unauthenticated remote attackers to retrieve sensitive data - including hashed credentials - by sending crafted traffic to an affected device. The root cause is missing authorization checks on a protected resource (CWE-285), making this an authentication-bypass-style information leak. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify reachable ISE/ISE-PIC node
Delivery
Send crafted unauthenticated request to vulnerable resource
Exploit
Receive sensitive data including hashed credentials
Execution
Crack hashes offline
Persist
Authenticate to AD or network devices
Impact
Pivot deeper into enterprise

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation against default configurations of Cisco ISE and ISE-PIC, requiring only network reachability to the affected resource (CVSS AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N vector (7.5 High) is internally consistent with the description: network-reachable, no authentication, no user interaction, and pure confidentiality impact with no integrity or availability effect. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reachability to an ISE or ISE-PIC node sends a crafted HTTP(S) request to the vulnerable resource that omits or bypasses authorization, and the server returns sensitive data including hashed user credentials. The attacker then performs offline cracking or pass-the-hash/relay attacks against the recovered material to authenticate into AD-integrated systems, network devices managed via TACACS+, or the ISE admin plane itself. …
Remediation Patch available per vendor advisory: upgrade Cisco ISE and ISE-PIC to the fixed release identified in cisco-sa-ise-multi-G5WP8vv (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv); the exact fixed version was not included in the input data and must be read from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Cisco ISE and ISE-PIC instances in production; immediately restrict network access to ISE systems to authorized administrative networks only using firewall rules; enable enhanced logging of all ISE resource access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-20186 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20147 CRITICAL
9.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary comman

CVE-2026-20180 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20181 CRITICAL
9.1 Jun 17

Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-P

CVE-2026-20136 MEDIUM
6.0 Apr 15

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI

CVE-2026-20146 MEDIUM
5.5 Jul 15

Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, aut

CVE-2026-20195 MEDIUM
5.3 May 06

Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity

CVE-2026-20148 MEDIUM
4.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal a

CVE-2026-20132 MEDIUM
4.8 Apr 15

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an au

CVE-2026-20193 MEDIUM
4.3 May 06

Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADI

Share

CVE-2026-20190 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy