Jun 05, 2025Ravie LakshmananNetwork Safety / Vulnerability
Cisco has launched safety patches to handle a essential safety flaw impacting the Id Providers Engine (ISE) that, if efficiently exploited, may permit unauthenticated actors to hold out malicious actions on inclined techniques.
The safety defect, tracked as CVE-2025-20286, carries a CVSS rating of 9.9 out of 10.0. It has been described as a static credential vulnerability.
“A vulnerability in Amazon Net Providers (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Id Providers Engine (ISE) may permit an unauthenticated, distant attacker to entry delicate information, execute restricted administrative operations, modify system configurations, or disrupt providers inside the impacted techniques,” the corporate stated in an advisory.
The networking tools maker, which credited Kentaro Kawane of GMO Cybersecurity for reporting the flaw, famous it is conscious of the existence of a proof-of-concept (PoC) exploit. There isn’t a proof that it has been maliciously exploited within the wild.
Cisco stated the problem stems from the truth that credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, inflicting totally different deployments to share the identical credentials so long as the software program launch and cloud platform are the identical.
Put otherwise, the static credentials are particular to every launch and platform, however aren’t legitimate throughout platforms. As the corporate highlights, all situations of Cisco ISE launch 3.1 on AWS may have the identical static credentials.
Nonetheless, credentials which are legitimate for entry to a launch 3.1 deployment wouldn’t be legitimate to entry a launch 3.2 deployment on the identical platform. Moreover, Launch 3.2 on AWS wouldn’t have the identical credentials as Launch 3.2 on Azure.
Profitable exploitation of the vulnerability may allow an attacker to extract the person credentials from the Cisco ISE cloud deployment after which use it to entry Cisco ISE deployed in different cloud environments by unsecured ports.
This might in the end permit unauthorized entry to delicate information, execution of restricted administrative operations, modifications to system configurations, or service disruptions. That stated, Cisco ISE is simply affected in instances the place the Main Administration node is deployed within the cloud. Main Administration nodes which are on-premises aren’t impacted.
The next variations are affected –
AWS – Cisco ISE 3.1, 3.2, 3.3, and three.4
Azure – Cisco ISE 3.2, 3.3, and three.4
OCI – Cisco ISE 3.2, 3.3, and three.4
Whereas there aren’t any workarounds to handle CVE-2025-20286, Cisco is recommending that customers prohibit visitors to licensed directors or run the “utility reset-config ise” command to reset person passwords to a brand new worth. Nonetheless, it bears noting that working the command will reset Cisco ISE to the manufacturing facility configuration.
Discovered this text attention-grabbing? Observe us on Twitter and LinkedIn to learn extra unique content material we put up.
