Cisco this week introduced fixes for a dozen vulnerabilities in its merchandise, together with a critical-severity flaw impacting the cloud deployments of Id Companies Engine (ISE) for which proof-of-concept (PoC) code exists.
The important situation, tracked as CVE-2025-20286 (CVSS rating of 9.9), exists as a result of credentials are improperly generated when deploying ISE on Amazon Net Companies (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI).
As a result of the improperly generated credentials are shared throughout a number of ISE deployments working the identical launch, an attacker might use them to entry ISE situations in several cloud environments.
“A profitable exploit might permit the attacker to entry delicate knowledge, execute restricted administrative operations, modify system configurations, or disrupt companies inside the impacted programs,” Cisco says.
The problem solely impacts ISE situations wherein the Major Administration node is deployed within the cloud, the tech big says.
Cisco warns in its advisory that there are not any workarounds for this vulnerability and that PoC exploit code concentrating on the safety defect exists.
The corporate has launched scorching fixes that apply to ISE releases 3.1 to three.4, noting that ISE variations 3.0 and earlier should not affected.
Of the remaining vulnerabilities, two are high-severity flaws associated to the SSH connectivity of Built-in Administration Controller (IMC) and Nexus Dashboard Cloth Controller (NDFC).Commercial. Scroll to proceed studying.
The primary, tracked as CVE-2025-20261 (CVSS rating of 8.8), impacts the UCS B, C, S, and X sequence servers that settle for incoming SSH connections to the IMC. Home equipment based mostly on pre-configured variations of UCS C-series servers are additionally affected
Inadequate restrictions on entry to inside companies permit a logged-in attacker to entry these companies with elevated privileges and make unauthorized modifications. The attacker might create new administrative accounts on the affected gadgets, Cisco says.
The second high-severity situation, tracked as CVE-2025-20163 (CVSS rating of 8.7), is described as an inadequate SSH host key validation within the SSH implementation of NDFC that enables an attacker to intercept SSH site visitors by performing a machine-in-the-middle assault, and seize person credentials.
All gadgets working NDFC – beforehand referred to as Knowledge Heart Community Supervisor (DCNM) – are affected by the safety defect, no matter their configuration, the tech big warns.
Cisco additionally launched fixes for 9 medium-severity flaws in Unified Communications merchandise, Unified Contact Heart Categorical (Unified CCX), ThousandEyes Endpoint Agent for Home windows, Id Companies Engine (ISE), ISE Passive Id Connector (ISE-PIC), Unified Clever Contact Administration Enterprise, and Buyer Collaboration Platform (CCP).
Profitable exploitation of those vulnerabilities might permit attackers to execute arbitrary instructions as root, carry out an XSS assault, execute arbitrary code, delete arbitrary recordsdata, add recordsdata, or persuade customers to reveal delicate knowledge.
The corporate warned that proof-of-concept (PoC) code was publicly out there for 2 of the medium-severity points (CVE-2025-20130, impacting ISE and ISE-PIC; and CVE-2025-20129, affecting CCP, previously SocialMiner), however stated it was not conscious of any of the safety defects being exploited in assaults.
Customers are suggested to replace their Cisco home equipment as quickly as potential. Extra data on these vulnerabilities could be discovered on Cisco’s safety advisories web page.
Associated: Technical Particulars Printed for Vital Cisco IOS XE Vulnerability
Associated: Splunk Patches Dozens of Vulnerabilities
Associated: Zoom Patches 4 Excessive-Severity Vulnerabilities
Associated: Zyxel Points ‘No Patch’ Warning for Exploited Zero-Days
