CVE-2026-20190

Summary

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device.

This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Identity Services Engine Software3.4.0affected
CiscoCisco Identity Services Engine Software3.4 Patch 1affected
CiscoCisco Identity Services Engine Software3.4 Patch 2affected
CiscoCisco Identity Services Engine Software3.4 Patch 3affected
CiscoCisco Identity Services Engine Software3.5.0affected
CiscoCisco Identity Services Engine Software3.4 Patch 4affected
CiscoCisco Identity Services Engine Software3.5 Patch 1affected
CiscoCisco Identity Services Engine Software3.4 Patch 5affected
CiscoCisco Identity Services Engine Software3.5 Patch 2affected
CiscoCisco ISE Passive Identity Connector3.4.0affected

Weaknesses

  • CWE-285: Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References