Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device.
This vulnerability is due to improper role-based access control (RBAC) permissions on the RADIUS Policy API endpoints. An attacker could exploit this vulnerability by bypassing the web-based management interface and directly calling an affected endpoint. A successful exploit could allow the attacker to gain unauthorized read access to sensitive RADIUS Policy details that are restricted for their role.
AnalysisAI
Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADIUS Policy API endpoints and gain unauthorized read access to sensitive policy details through direct API calls. The vulnerability affects ISE software across versions due to improper RBAC enforcement on API endpoints, enabling privilege escalation from read-only to unauthorized data disclosure. CVSS score is 4.3 with low attack complexity, but exploitation requires valid administrative credentials.
Technical ContextAI
Cisco ISE (Identity Services Engine) implements role-based access control (RBAC) to restrict administrative capabilities. The vulnerability exists in the RADIUS Policy API endpoints, which define authorization policies for RADIUS authentication. The root cause is CWE-862 (Missing Authorization), where the API endpoints fail to properly validate whether an authenticated user's role permits access to specific policy data. An attacker with read-only Administrator credentials can bypass the web-based management interface RBAC checks by directly invoking the affected API endpoints, which lack equivalent permission validation. This represents a classic authorization bypass where authentication is present but authorization is not properly enforced at the API layer.
RemediationAI
Apply the vendor-released security patch for Cisco ISE as specified in Cisco Security Advisory cisco-sa-ise-unauth-bypass-uxjRXGpb (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb). The advisory includes specific patched versions and upgrade procedures. As an interim mitigation, restrict API access to RADIUS Policy endpoints through network-based controls (firewall rules limiting access to ISE management interfaces to trusted administrative networks only). Additionally, audit existing read-only Administrator accounts and reduce the number of accounts with administrative privileges; consider implementing multi-factor authentication for all ISE administrative access to reduce the risk of credential compromise. Monitor ISE API access logs for direct calls to RADIUS Policy endpoints from read-only accounts, which would indicate attempted exploitation. These compensating controls reduce exposure but do not eliminate the underlying authorization flaw; vendor patching remains the primary remediation.
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary comman
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra
Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-P
Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unaut
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI
Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, aut
Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal a
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an au
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27862
GHSA-qwrq-5c2q-3p3m