Cisco Identity Services Engine Unauthenticated Information Disclosure Exposes Password Hashes (CVE-2026-20190)
Scope: Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), All Versions Prior to Fixed Releases
Severity: High
An improper authorization flaw (CVSS 7.5) in Cisco ISE allows an unauthenticated remote attacker to send specially crafted network traffic to an affected device and bypass access restrictions. The attacker can then retrieve sensitive information, including password hashes and NTLM hashes, which can be used in offline cracking attacks to compromise user and service accounts across the enterprise.
Because ISE serves as the central authentication policy engine in enterprise networks, exposed credential hashes represent a direct path toward broader network infiltration, privilege escalation, and lateral movement into segmented zones.
Cisco confirms that no workarounds exist. Organizations must immediately apply the ISE software updates specified in the advisory, restrict ISE management interface access to trusted IP ranges via ACLs, deploy IDS/IPS to detect malformed requests targeting sensitive ISE endpoints, and enforce strong password policies to reduce the effectiveness of offline cracking attempts.
The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.