Cisco has released security patches to address a critical security flaw affecting Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems.
The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability.
“A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow unauthenticated, remote attackers to access sensitive data or disrupt services within the affected systems,” the company said in an advisory.
The networking equipment maker, which credited Kentaro Kawane of GMO Cybersecurity with reporting the flaw, noted that it is aware of a proof-of-concept (PoC) exploit. There is no evidence that it has been maliciously exploited in the wild.
Cisco said the problem stems from credentials being improperly generated when Cisco ISE is deployed on cloud platforms, causing different deployments to share the same credentials as long as the software release and the cloud platform are the same.
In other words, the static credentials are specific to each release and platform but do not work across platforms. According to the company, all Cisco ISE release 3.1 deployments on a given cloud platform will share the same static credentials.
However, the credentials that work for accessing release 3.1 will not be valid for accessing a release 3.2 deployment on the same platform. Likewise, release 3.2 on AWS will not have the same credentials as release 3.2 on Azure.
Successful exploitation of the vulnerability could allow an attacker to extract user credentials from a Cisco ISE cloud deployment and then use them to access Cisco ISE deployed in other cloud environments through unsecured ports.
This could ultimately permit unauthorized access to sensitive data, execution of limited administrative operations, changes to system configurations, or service disruptions. That said, Cisco ISE is affected only when the Primary Administration node is deployed in the cloud. Deployments with the Primary Administration node on-premises are not affected.
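To make the failure mode concrete, here is an added illustration (not Cisco's code, and not a description of how ISE actually derives its credentials) of the weakness class the article describes: a credential derived only from inputs that every deployment of the same release on the same platform shares, placed beside the hardened form that draws a per-instance secret from the OS CSPRNG. It also includes a small fleet audit, run over a constructed list of deployments, that flags deployments whose credential fingerprints collide. The functions, the deployment names and the fleet data are all hypothetical.

```python
import hashlib
import secrets
from collections import defaultdict

# Hypothetical model of the weakness: the "secret" is a pure function of
# values shared by every deployment of one release on one platform, so two
# unrelated customers running the same release on the same cloud end up
# with the same credential.
def weak_static_credential(release: str, platform: str) -> str:
    seed = f"{platform}:{release}".encode()
    return hashlib.sha256(seed).hexdigest()[:32]

# Hardened form: a fresh secret per instance from the OS CSPRNG, with no
# dependency on release, platform, or any other shared input.
def per_instance_credential() -> str:
    return secrets.token_hex(16)

# The audit stores only a hash of each credential, never the credential.
def fingerprint(credential: str) -> str:
    return hashlib.sha256(credential.encode()).hexdigest()[:16]

def find_shared_credentials(deployments):
    """deployments: iterable of (name, release, platform, credential).
    Returns {fingerprint: [deployment names]} for every fingerprint that
    more than one deployment shares; an empty dict means no collisions."""
    by_fp = defaultdict(list)
    for name, _release, _platform, cred in deployments:
        by_fp[fingerprint(cred)].append(name)
    return {fp: names for fp, names in by_fp.items() if len(names) > 1}

# Constructed sample fleet (hypothetical names and releases). The two AWS
# release 3.1 nodes collide; the 3.2 nodes differ by release and platform.
def sample_fleet():
    return [
        ("ise-aws-prod-a", "3.1", "AWS", weak_static_credential("3.1", "AWS")),
        ("ise-aws-prod-b", "3.1", "AWS", weak_static_credential("3.1", "AWS")),
        ("ise-aws-staging", "3.2", "AWS", weak_static_credential("3.2", "AWS")),
        ("ise-azure-prod", "3.2", "Azure", weak_static_credential("3.2", "Azure")),
    ]

# Same fleet after re-provisioning with per-instance secrets: no collisions.
def hardened_fleet():
    return [
        (name, release, platform, per_instance_credential())
        for name, release, platform, _ in sample_fleet()
    ]

if __name__ == "__main__":
    print("shared (weak scheme):", find_shared_credentials(sample_fleet()))
    print("shared (hardened):   ", find_shared_credentials(hardened_fleet()))
```

The collision report mirrors the relationships the article lays out: two release 3.1 nodes on AWS share a fingerprint, while release 3.2 on AWS and release 3.2 on Azure each stand alone. The same audit is the check a defender would want after a reset, since a fleet in which every node has been re-keyed from a CSPRNG reports no collisions.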
The affected versions are as follows:
- AWS – Cisco ISE 3.1, 3.2, 3.3 and 3.4
- Azure – Cisco ISE 3.2, 3.3 and 3.4
- OCI – Cisco ISE 3.2, 3.3 and 3.4
While there are no workarounds that address CVE-2025-20286, Cisco recommends that users restrict traffic to authorized administrators or run the “application reset-config ise” command to reset user passwords to a new value. However, it notes that running the command will reset Cisco ISE to the factory configuration.