CVE-2026-20190 - Vulnerability Details - OpenCVE

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00371.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv

History

Thu, 18 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
Title		Cisco Identity Services Engine Information Disclosure Vulnerability
Weaknesses		CWE-285
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-06-17T16:17:04.911Z

Updated: 2026-06-17T17:16:45.425Z

Reserved: 2025-10-08T11:59:15.395Z

Link: CVE-2026-20190

Vulnrichment

Updated: 2026-06-17T17:16:39.919Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20190", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.395Z", "datePublished": "2026-06-17T16:17:04.911Z", "dateUpdated": "2026-06-17T17:16:45.425Z"}, "containers": {"cna": {"title": "Cisco Identity Services Engine Information Disclosure Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv", "name": "cisco-sa-ise-multi-G5WP8vv"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-ise-multi-G5WP8vv", "discovery": "EXTERNAL", "defects": ["CSCwt22936"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Authorization", "type": "cwe", "cweId": "CWE-285"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"version": "3.4.0", "status": "affected"}, {"version": "3.4 Patch 1", "status": "affected"}, {"version": "3.4 Patch 2", "status": "affected"}, {"version": "3.4 Patch 3", "status": "affected"}, {"version": "3.5.0", "status": "affected"}, {"version": "3.4 Patch 4", "status": "affected"}, {"version": "3.5 Patch 1", "status": "affected"}, {"version": "3.4 Patch 5", "status": "affected"}, {"version": "3.5 Patch 2", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco ISE Passive Identity Connector", "versions": [{"version": "3.4.0", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-06-17T16:17:04.911Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T17:14:11.061077Z", "id": "CVE-2026-20190", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T17:16:45.425Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20190", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-17T17:14:11.061077Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T17:16:39.919Z"}}], "cna": {"title": "Cisco Identity Services Engine Information Disclosure Vulnerability", "source": {"defects": ["CSCwt22936"], "advisory": "cisco-sa-ise-multi-G5WP8vv", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"status": "affected", "version": "3.4.0"}, {"status": "affected", "version": "3.4 Patch 1"}, {"status": "affected", "version": "3.4 Patch 2"}, {"status": "affected", "version": "3.4 Patch 3"}, {"status": "affected", "version": "3.5.0"}, {"status": "affected", "version": "3.4 Patch 4"}, {"status": "affected", "version": "3.5 Patch 1"}, {"status": "affected", "version": "3.4 Patch 5"}, {"status": "affected", "version": "3.5 Patch 2"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco ISE Passive Identity Connector", "versions": [{"status": "affected", "version": "3.4.0"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv", "name": "cisco-sa-ise-multi-G5WP8vv"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-285", "description": "Improper Authorization"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-06-17T16:17:04.911Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20190", "state": "PUBLISHED", "dateUpdated": "2026-06-17T17:16:45.425Z", "dateReserved": "2025-10-08T11:59:15.395Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-06-17T16:17:04.911Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}