Skip to main content

Cisco ISE EUVDEUVD-2026-27863

| CVE-2026-20195 MEDIUM
Observable Response Discrepancy (CWE-204)
2026-05-06 cisco GHSA-63pc-j336-8qq4
5.3
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 06, 2026 - 17:34 vuln.today

DescriptionCVE.org

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.

This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.

AnalysisAI

Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity management API endpoint by analyzing differentiated error responses to crafted requests. The vulnerability enables account enumeration with no authentication required, network-accessible attack surface, and low complexity exploitation, resulting in partial information disclosure of valid usernames on affected systems.

Technical ContextAI

Cisco Identity Services Engine (ISE) is an identity and access management platform that exposes REST API endpoints for identity management operations. The vulnerability stems from insufficient error message differentiation in the affected API endpoint - the system returns distinct error responses when processing requests with valid versus invalid usernames. This information leakage violates CWE-204 (Observable Discrepancy), a root cause where error messages inadvertently reveal sensitive information that should be hidden from unauthenticated callers. The affected API endpoint fails to implement consistent error responses or rate limiting, allowing attackers to systematically probe the endpoint and extract valid usernames through response analysis.

RemediationAI

Consult Cisco Security Advisory cisco-sa-ise-unauth-bypass-uxjRXGpb at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb for specific patched ISE versions and upgrade instructions. As interim compensating controls, restrict network access to the affected API endpoint using firewall rules or Web Application Firewall (WAF) policies to allow only trusted internal systems. Implement API rate limiting on the identity management endpoint to increase the cost of enumeration attacks and improve detectability of automated probing. Monitor API access logs for repeated requests to the affected endpoint with varying username parameters and alert on anomalous patterns. Disable or restrict the affected API endpoint if it is not required for operational use, accepting the trade-off of reduced API functionality.

CVE-2026-20186 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20147 CRITICAL
9.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary comman

CVE-2026-20180 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20181 CRITICAL
9.1 Jun 17

Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-P

CVE-2026-20190 HIGH
7.5 Jun 17

Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unaut

CVE-2026-20136 MEDIUM
6.0 Apr 15

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI

CVE-2026-20146 MEDIUM
5.5 Jul 15

Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, aut

CVE-2026-20148 MEDIUM
4.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal a

CVE-2026-20132 MEDIUM
4.8 Apr 15

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an au

CVE-2026-20193 MEDIUM
4.3 May 06

Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADI

Share

EUVD-2026-27863 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy