Cisco Identity Services Engine
cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*
- <= 3.2
- <= 3.3
- <= 3.4
- <= 3.5
An authentication bypass vulnerability has been identified in the RADIUS Policy API endpoints of Cisco Identity Services Engine (ISE). This vulnerability allows an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive RADIUS Policy information on the affected device. The issue arises from improper role-based access control (RBAC) permissions, enabling attackers to bypass the web-based management interface and directly call the vulnerable API endpoints.
Exploitation of this vulnerability could lead to unauthorized read access to sensitive RADIUS Policy details that are normally restricted based on the user's role.
Users can upgrade to Cisco ISE version 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3. For versions 3.2 and earlier, migrating to a fixed release is recommended.