CVE-2026-20190

HIGH

Cisco Identity Services Engine Information Disclosure Vulnerability

Title source: cna
STIX 2.1

Description

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.

Scores

CVSS v3 7.5
EPSS 0.0041
EPSS Percentile 32.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-285
Status published
Products (14)
Cisco/Cisco Identity Services Engine Software 3.4 Patch 1
Cisco/Cisco Identity Services Engine Software 3.4 Patch 2
Cisco/Cisco Identity Services Engine Software 3.4 Patch 3
Cisco/Cisco Identity Services Engine Software 3.4 Patch 4
Cisco/Cisco Identity Services Engine Software 3.4 Patch 5
Cisco/Cisco Identity Services Engine Software 3.4.0
Cisco/Cisco Identity Services Engine Software 3.5 Patch 1
Cisco/Cisco Identity Services Engine Software 3.5 Patch 2
Cisco/Cisco Identity Services Engine Software 3.5.0
Cisco/Cisco ISE Passive Identity Connector 3.4.0
... and 4 more
Published Jun 17, 2026
Tracked Since Jun 17, 2026