Description
A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.

This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.
Published: 2026-05-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote, unauthenticated attacker can exploit an identity management API endpoint by sending crafted requests and observing whether the responses differ. This differential response reveals whether a username is valid, allowing the adversary to construct a full list of legitimate accounts on the device. The vulnerability is caused by information disclosure through variable error messages (CWE-204). The primary impact is the compromise of confidentiality through unchecked enumeration, which can serve as a stepping stone to more invasive attacks such as privilege escalation or credential harvesting.

Affected Systems

The vulnerability affects Cisco Identity Services Engine Software. Specific product versions are not listed in the advisory, so any build prior to the issued fix is potentially impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score is not available, suggesting limited data on exploitation frequency. The vulnerability is not currently listed in the CISA KEV catalog. An attacker can exploit the flaw over the network, without authentication, by targeting the exposed API endpoint and interpreting error messages. Because the attack requires only standard HTTP(S) requests, the exploit is relatively easy to craft, but no known active exploitation is reported at this time.

Generated by OpenCVE AI on May 6, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco ISE patch or upgrade to a version that eliminates the distinguishable error responses as described in the Cisco Security Advisory.
  • Limit access to the vulnerable API by placing the ISE server behind a firewall or VPN and restricting connections to approved IP ranges.
  • Ensure that error responses on the API are generic and do not disclose enumeration information;

Generated by OpenCVE AI on May 6, 2026 at 17:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco identity Services Engine Software
Vendors & Products Cisco
Cisco identity Services Engine Software

Wed, 06 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.
Title Cisco Identity Services Engine Observable Response Discrepancy Vulnerability
Weaknesses CWE-204
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Cisco Identity Services Engine Software
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-05-06T17:48:38.355Z

Reserved: 2025-10-08T11:59:15.396Z

Link: CVE-2026-20195

cve-icon Vulnrichment

Updated: 2026-05-06T17:35:02.527Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T17:16:21.630

Modified: 2026-05-06T18:59:53.230

Link: CVE-2026-20195

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T20:15:15Z

Weaknesses