Cisco Identity Services Engine Observable Response Discrepancy Vulnerability_CVE-2026-20195

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.

This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.

Basic Information

ID CVE-2026-20195

Source cisco

Published May 6, 2026 at 16:14

Affected Product

Vendor Cisco

Product Cisco Identity Services Engine Software

Version 3.3.0

Affected Versions Cisco Cisco Identity Services Engine Software 3.3.0
Cisco Cisco Identity Services Engine Software 3.3 Patch 2
Cisco Cisco Identity Services Engine Software 3.3 Patch 1
Cisco Cisco Identity Services Engine Software 3.3 Patch 3
Cisco Cisco Identity Services Engine Software 3.4.0
Cisco Cisco Identity Services Engine Software 3.3 Patch 4
Cisco Cisco Identity Services Engine Software 3.4 Patch 1
Cisco Cisco Identity Services Engine Software 3.3 Patch 5
Cisco Cisco Identity Services Engine Software 3.3 Patch 6
Cisco Cisco Identity Services Engine Software 3.4 Patch 2
Cisco Cisco Identity Services Engine Software 3.3 Patch 7
Cisco Cisco Identity Services Engine Software 3.4 Patch 3
Cisco Cisco Identity Services Engine Software 3.5.0
Cisco Cisco Identity Services Engine Software 3.4 Patch 4
Cisco Cisco Identity Services Engine Software 3.3 Patch 8
Cisco Cisco Identity Services Engine Software 3.5 Patch 1
Cisco Cisco Identity Services Engine Software 3.3 Patch 9
Cisco Cisco Identity Services Engine Software 3.4 Patch 5
Cisco Cisco Identity Services Engine Software 3.5 Patch 3
Cisco Cisco Identity Services Engine Software 3.5 Patch 2
Cisco Cisco Identity Services Engine Software 3.3 Patch 10

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb

{
    "lastseen": "",
    "description": "A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.\r\n\r\nThis vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.",
    "published": "2026-05-06T16:14:54.611Z",
    "modified": "2026-05-06T16:14:54.611Z",
    "type": "cve",
    "title": "Cisco Identity Services Engine Observable Response Discrepancy Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb",
    "id": "CVE-2026-20195",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco Identity Services Engine Software 3.3.0\nCisco Cisco Identity Services Engine Software 3.3 Patch 2\nCisco Cisco Identity Services Engine Software 3.3 Patch 1\nCisco Cisco Identity Services Engine Software 3.3 Patch 3\nCisco Cisco Identity Services Engine Software 3.4.0\nCisco Cisco Identity Services Engine Software 3.3 Patch 4\nCisco Cisco Identity Services Engine Software 3.4 Patch 1\nCisco Cisco Identity Services Engine Software 3.3 Patch 5\nCisco Cisco Identity Services Engine Software 3.3 Patch 6\nCisco Cisco Identity Services Engine Software 3.4 Patch 2\nCisco Cisco Identity Services Engine Software 3.3 Patch 7\nCisco Cisco Identity Services Engine Software 3.4 Patch 3\nCisco Cisco Identity Services Engine Software 3.5.0\nCisco Cisco Identity Services Engine Software 3.4 Patch 4\nCisco Cisco Identity Services Engine Software 3.3 Patch 8\nCisco Cisco Identity Services Engine Software 3.5 Patch 1\nCisco Cisco Identity Services Engine Software 3.3 Patch 9\nCisco Cisco Identity Services Engine Software 3.4 Patch 5\nCisco Cisco Identity Services Engine Software 3.5 Patch 3\nCisco Cisco Identity Services Engine Software 3.5 Patch 2\nCisco Cisco Identity Services Engine Software 3.3 Patch 10",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco Identity Services Engine Software",
    "version": "3.3.0",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply