CVE-2026-20195
MEDIUM EPSS 19.2%
Published May 6, 20261mo ago · Modified Jun 29, 2026today
5.3 CVSS 3.1
Published May 6, 2026 1mo ago
Last Modified Jun 29, 2026 today
Description
A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None
Threat Intelligence
EPSS Exploit Probability
19.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-204
Affected Products 21
| Vendor | Product | Version | Range |
|---|---|---|---|
| cisco | identity_services_engine | * | ≤3.2.0 |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.3.0 | any |
| cisco | identity_services_engine | 3.4.0 | any |
| cisco | identity_services_engine | 3.4.0 | any |
| cisco | identity_services_engine | 3.4.0 | any |
| cisco | identity_services_engine | 3.4.0 | any |
| cisco | identity_services_engine | 3.4.0 | any |
| cisco | identity_services_engine | 3.4.0 | any |
| cisco | identity_services_engine | 3.5.0 | any |
| cisco | identity_services_engine | 3.5.0 | any |
| cisco | identity_services_engine | 3.5.0 | any |
References 1
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.