Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.
This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.
AnalysisAI
Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity management API endpoint by analyzing differentiated error responses to crafted requests. The vulnerability enables account enumeration with no authentication required, network-accessible attack surface, and low complexity exploitation, resulting in partial information disclosure of valid usernames on affected systems.
Technical ContextAI
Cisco Identity Services Engine (ISE) is an identity and access management platform that exposes REST API endpoints for identity management operations. The vulnerability stems from insufficient error message differentiation in the affected API endpoint - the system returns distinct error responses when processing requests with valid versus invalid usernames. This information leakage violates CWE-204 (Observable Discrepancy), a root cause where error messages inadvertently reveal sensitive information that should be hidden from unauthenticated callers. The affected API endpoint fails to implement consistent error responses or rate limiting, allowing attackers to systematically probe the endpoint and extract valid usernames through response analysis.
RemediationAI
Consult Cisco Security Advisory cisco-sa-ise-unauth-bypass-uxjRXGpb at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb for specific patched ISE versions and upgrade instructions. As interim compensating controls, restrict network access to the affected API endpoint using firewall rules or Web Application Firewall (WAF) policies to allow only trusted internal systems. Implement API rate limiting on the identity management endpoint to increase the cost of enumeration attacks and improve detectability of automated probing. Monitor API access logs for repeated requests to the affected endpoint with varying username parameters and alert on anomalous patterns. Disable or restrict the affected API endpoint if it is not required for operational use, accepting the trade-off of reduced API functionality.
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary comman
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra
Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-P
Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unaut
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI
Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, aut
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal a
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an au
Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADI
Same weakness CWE-204 – Observable Response Discrepancy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27863
GHSA-63pc-j336-8qq4