Skip to main content

Cisco ISE EUVDEUVD-2026-27862

| CVE-2026-20193 MEDIUM
Missing Authorization (CWE-862)
2026-05-06 cisco GHSA-qwrq-5c2q-3p3m
4.3
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 06, 2026 - 17:34 vuln.today

DescriptionCVE.org

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device.

This vulnerability is due to improper role-based access control (RBAC) permissions on the RADIUS Policy API endpoints. An attacker could exploit this vulnerability by bypassing the web-based management interface and directly calling an affected endpoint. A successful exploit could allow the attacker to gain unauthorized read access to sensitive RADIUS Policy details that are restricted for their role.

AnalysisAI

Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADIUS Policy API endpoints and gain unauthorized read access to sensitive policy details through direct API calls. The vulnerability affects ISE software across versions due to improper RBAC enforcement on API endpoints, enabling privilege escalation from read-only to unauthorized data disclosure. CVSS score is 4.3 with low attack complexity, but exploitation requires valid administrative credentials.

Technical ContextAI

Cisco ISE (Identity Services Engine) implements role-based access control (RBAC) to restrict administrative capabilities. The vulnerability exists in the RADIUS Policy API endpoints, which define authorization policies for RADIUS authentication. The root cause is CWE-862 (Missing Authorization), where the API endpoints fail to properly validate whether an authenticated user's role permits access to specific policy data. An attacker with read-only Administrator credentials can bypass the web-based management interface RBAC checks by directly invoking the affected API endpoints, which lack equivalent permission validation. This represents a classic authorization bypass where authentication is present but authorization is not properly enforced at the API layer.

RemediationAI

Apply the vendor-released security patch for Cisco ISE as specified in Cisco Security Advisory cisco-sa-ise-unauth-bypass-uxjRXGpb (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb). The advisory includes specific patched versions and upgrade procedures. As an interim mitigation, restrict API access to RADIUS Policy endpoints through network-based controls (firewall rules limiting access to ISE management interfaces to trusted administrative networks only). Additionally, audit existing read-only Administrator accounts and reduce the number of accounts with administrative privileges; consider implementing multi-factor authentication for all ISE administrative access to reduce the risk of credential compromise. Monitor ISE API access logs for direct calls to RADIUS Policy endpoints from read-only accounts, which would indicate attempted exploitation. These compensating controls reduce exposure but do not eliminate the underlying authorization flaw; vendor patching remains the primary remediation.

CVE-2026-20186 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20147 CRITICAL
9.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary comman

CVE-2026-20180 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20181 CRITICAL
9.1 Jun 17

Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-P

CVE-2026-20190 HIGH
7.5 Jun 17

Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unaut

CVE-2026-20136 MEDIUM
6.0 Apr 15

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI

CVE-2026-20146 MEDIUM
5.5 Jul 15

Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, aut

CVE-2026-20195 MEDIUM
5.3 May 06

Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity

CVE-2026-20148 MEDIUM
4.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal a

CVE-2026-20132 MEDIUM
4.8 Apr 15

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an au

Share

EUVD-2026-27862 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy