CVE-2026-20193
Unauthorized Information Disclosure in Cisco ISE via RADIUS Policy API
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: Cisco Systems, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ise | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the RADIUS Policy API endpoints of Cisco ISE. It allows an authenticated remote attacker who has read-only Administrator privileges to bypass role-based access controls and gain unauthorized read access to sensitive RADIUS Policy information.
The issue arises because the RADIUS Policy API endpoints do not properly enforce role-based access control permissions, enabling attackers to bypass the web-based management interface and directly call the vulnerable endpoints.
How can this vulnerability impact me?
An attacker exploiting this vulnerability could gain unauthorized access to sensitive RADIUS Policy details that should be restricted based on their role.
This unauthorized access could lead to exposure of sensitive configuration information, potentially aiding further attacks or misuse of network authentication policies.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an authenticated attacker with read-only Administrator privileges to gain unauthorized read access to sensitive RADIUS Policy details by bypassing role-based access control (RBAC).
Unauthorized access to sensitive information could potentially lead to non-compliance with standards and regulations such as GDPR and HIPAA, which require strict controls on access to sensitive data.
However, the provided information does not explicitly describe the direct impact on compliance with these standards or any regulatory consequences.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided to identify exploitation of this vulnerability on your network or system.
Since the vulnerability involves bypassing role-based access control by directly calling RADIUS Policy API endpoints, monitoring for unusual or unauthorized API calls to these endpoints could help detect potential exploitation.
However, no explicit detection commands or tools are mentioned in the available information.
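One way to act on the monitoring suggestion above is to scan API audit records for read-only Administrator accounts reaching RADIUS Policy API endpoints, and to separate calls that succeeded from calls the server rejected. The script below is an added example written for this page, not Cisco tooling or code from the advisory. The JSON-lines log format (fields user, role, method, path, status, src), the role label "Read Only Admin", and the endpoint prefix /api/v1/policy/network-access/radius are all assumptions standing in for whatever your ISE audit or API-gateway logs actually record; the sample log lines are constructed.

```python
"""Flag RADIUS Policy API access by read-only Administrator accounts.

Added example for CVE-2026-20193 detection; not Cisco code. The log schema,
role label and endpoint prefix below are ASSUMPTIONS: adjust them to match
the audit logs your ISE deployment or API gateway actually produces.
"""
import json
import re
from collections import Counter

# ASSUMPTION: placeholder path prefix for the RADIUS Policy API endpoints.
RADIUS_POLICY_API = re.compile(r"^/api/v1/policy/network-access/radius(/|$)", re.IGNORECASE)

# ASSUMPTION: how the read-only administrator role is labelled in the logs.
READ_ONLY_ROLES = {"read only admin", "read-only admin"}

# Constructed sample audit records (JSON lines); not real ISE output.
SAMPLE_LOG = """
{"ts":"2026-05-06T10:00:01Z","user":"netops-ro","role":"Read Only Admin","method":"GET","path":"/api/v1/policy/network-access/radius/policy-set","status":200,"src":"10.0.0.5"}
{"ts":"2026-05-06T10:00:02Z","user":"admin1","role":"Super Admin","method":"GET","path":"/api/v1/policy/network-access/radius/policy-set","status":200,"src":"10.0.0.9"}
{"ts":"2026-05-06T10:00:03Z","user":"netops-ro","role":"Read Only Admin","method":"GET","path":"/api/v1/policy/network-access/radius/authorization-rules","status":200,"src":"10.0.0.5"}
{"ts":"2026-05-06T10:00:04Z","user":"helpdesk-ro","role":"Read Only Admin","method":"GET","path":"/api/v1/policy/network-access/radius/policy-set","status":403,"src":"10.0.0.7"}
{"ts":"2026-05-06T10:00:05Z","user":"netops-ro","role":"Read Only Admin","method":"GET","path":"/admin/dashboard","status":200,"src":"10.0.0.5"}
this line is not JSON and must be skipped
"""


def parse_line(line):
    """Parse one JSON audit record; return None for blank, malformed or incomplete lines."""
    line = line.strip()
    if not line:
        return None
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not all(key in event for key in ("user", "role", "method", "path", "status")):
        return None
    return event


def classify(event):
    """Return 'allowed' or 'denied' for read-only admin hits on the RADIUS Policy API, else None.

    'allowed' (2xx) is the signal that matters: on a patched system RBAC should
    reject these calls, so a success means the policy data was actually exposed.
    'denied' still records that an account attempted the call.
    """
    if event["role"].strip().lower() not in READ_ONLY_ROLES:
        return None
    if not RADIUS_POLICY_API.match(event["path"]):
        return None
    return "allowed" if 200 <= int(event["status"]) < 300 else "denied"


def find_suspicious(lines):
    """Scan an iterable of log lines and return the matching events with an 'outcome' field."""
    findings = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        outcome = classify(event)
        if outcome:
            findings.append({**event, "outcome": outcome})
    return findings


def summarize(findings):
    """Count findings per (user, outcome) so repeat offenders stand out."""
    return Counter((f["user"], f["outcome"]) for f in findings)


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(f"{hit['ts']} {hit['user']:<12} {hit['method']} {hit['path']} -> {hit['outcome']}")
    for (user, outcome), count in summarize(hits).items():
        print(f"{user}: {count} {outcome}")
```

Run it against a real export by replacing SAMPLE_LOG with the file contents; the "allowed" outcomes are the ones to treat as potential disclosure, and any such hits on a fixed release would indicate that the RBAC fix is not in effect.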
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to apply the software updates released by Cisco that fix this vulnerability.
- Upgrade affected Cisco ISE versions to fixed releases: 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3.
- Alternatively, upgrade to version 3.6 or later, which is not vulnerable.
There are no available workarounds for this vulnerability, so timely patching is critical.