AI description
CVE-2026-20190 is an information disclosure vulnerability found in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). This flaw allows an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability stems from improper authorization checks when a resource is accessed. An attacker can exploit this by sending specially crafted network requests to the affected Cisco ISE systems, enabling them to view sensitive data, including hashed credentials.
- Description
- A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
- Source
- psirt@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- psirt@cisco.com
- CWE-285
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
🚨 Cisco ISE patch watch: Cisco fixed CVE-2026-20181 and CVE-2026-20190 in ISE and ISE-PIC. The advisory says the flaws can enable remote code execution or sensitive information disclosure, with no workarounds. #Cisco #Cyber https://t.co/ElVl2jK4ES
@Divinmentis
18 Jun 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
『allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected device.』 CVE-2026-20181 CVE-2026-20190 Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities https://t.co/f3fITtqm4R
@autumn_good_35
18 Jun 2026
130 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【セキュリティ ニュース】「Cisco ISE」にRCE脆弱性 - 端末の接続に影響するおそれも(1ページ目 / 全2ページ):Security NEXT https://t.co/jk6yaf7Smc CVE-2026-20181/CVE-2026-20190 Cisco Identity Services Engineにおけるリモートコー
@taku888infinity
18 Jun 2026
1251 Impressions
1 Retweet
3 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨*CVE* CVE-2026-20190 A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is… https://t.co/rPBBiO5uwh ----- Traducción: CVE-2026-20190 Una v… https://t.co/utmtNg
@infoflowcloud
17 Jun 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Cisco ISE vulnerabilities expose networks to Remote Code Execution (CVE-2026-20181) and data theft (CVE-2026-20190). Patch affected systems now. #CiscoISE #CyberSecurity #CVE202620181 #CVE202620190 #InfoSec https://t.co/Rdjc5MElon https://t.co/DhHIGCFdwU
@the_yellow_fall
17 Jun 2026
414 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
1 Quote