Description
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device.

This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
Published: 2026-06-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Cisco Identity Services Engine and its Passive Identity Connector allows an unauthenticated remote user to view sensitive data by bypassing proper authorization checks when accessing a protected resource. The vulnerability can expose hashed credentials and other confidential information, thereby increasing the risk of future credential reuse or other credential‑based attacks. The weakness is a classic example of unauthorized access (CWE-285).

Affected Systems

The affected products include Cisco Identity Services Engine (ISE) software and the ISE Passive Identity Connector (ISE‑PIC). Any device running these components is potentially vulnerable unless patched or otherwise secured.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity impact, while the EPSS score of less than 1% shows a low probability of widespread exploitation at this time. The attack does not require authentication or prior foothold; an attacker can simply send crafted traffic from any remote network. Since the vulnerability is not listed in CISA KEV, it has not yet been confirmed as widely exploited, but the potential to expose credential data makes it a priority for mitigation.

Generated by OpenCVE AI on June 18, 2026 at 18:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch that corrects the unauthorized access flaw for Cisco ISE and ISE‑PIC.
  • Limit inbound connections to the ISE management interfaces to trusted IP ranges or VPN endpoints.
  • Implement network segmentation or firewall rules to block unexpected traffic from reaching the ISE services.
  • Continuously monitor log files for anomalous access attempts to the ISE endpoints and investigate any suspicious activity.

Generated by OpenCVE AI on June 18, 2026 at 18:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco identity Services Engine Passive Identity Connector
Cisco identity Services Engine Software
Vendors & Products Cisco
Cisco identity Services Engine Passive Identity Connector
Cisco identity Services Engine Software

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
Title Cisco Identity Services Engine Information Disclosure Vulnerability
Weaknesses CWE-285
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Subscriptions

Cisco Identity Services Engine Passive Identity Connector Identity Services Engine Software
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-06-17T17:16:45.425Z

Reserved: 2025-10-08T11:59:15.395Z

Link: CVE-2026-20190

cve-icon Vulnrichment

Updated: 2026-06-17T17:16:39.919Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T09:32:50Z

Weaknesses