SAN JOSE, June 5, 2025 - Cisco has issued urgent security patches to address a critical vulnerability in its Identity Services Engine (ISE), identified as CVE-2025-20286, which poses significant risks to cloud deployments on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). With a CVSS score of 9.9 out of 10, this static credential flaw could allow unauthenticated remote attackers to access sensitive data, perform limited administrative tasks, modify system configurations, or disrupt services.
The issue, discovered by Kentaro Kawane of GMO Cybersecurity, affects organizations relying on Cisco ISE for network access control in cloud environments.
Understanding the Vulnerability
The flaw arises from improperly generated static credentials during Cisco ISE deployment on cloud platforms, resulting in identical credentials across multiple instances of the same software release and platform. For example, all Cisco ISE release 3.1 deployments on AWS share the same credentials, but these differ from release 3.2 or Azure deployments.
Attackers can exploit this by extracting credentials from one cloud-based ISE instance and using them to access other instances on the same platform and release, reaching them through unsecured ports and potentially compromising enterprise networks. Notably, only deployments with the primary administration node in the cloud are affected; on-premises nodes are unaffected.
Impact and Affected Versions
Successful exploitation could lead to severe consequences, including unauthorized data access, configuration tampering, or service disruptions. The vulnerability impacts the following versions:
- AWS: Cisco ISE 3.1, 3.2, 3.3, and 3.4
- Azure: Cisco ISE 3.2, 3.3, and 3.4
- OCI: Cisco ISE 3.2, 3.3, and 3.4
Cisco has confirmed the existence of a proof-of-concept exploit, increasing the urgency for organizations to act, though no malicious exploitation has been reported.
Recommended Actions and Mitigation
Cisco has released software updates to address the vulnerability, urging administrators to apply patches immediately. No workarounds are available, but Cisco recommends restricting network traffic to authorized administrators or executing the "application reset-config ise" command to reset credentials.
This command, however, resets the system to factory settings, requiring careful planning to avoid operational disruptions. Administrators are also advised to review cloud deployment configurations to ensure the primary administration node is secure and to monitor for unauthorized access attempts.
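As an added triage helper (not Cisco's own tooling or code from this article), the script below combines the affected-version matrix and the "primary administration node in the cloud" condition with a check of cloud ingress rules against an administrator allow-list, which is the mitigation the advisory recommends. The management ports (22, 443), the ingress rules and the allow-list CIDRs are constructed assumptions; substitute what your deployment actually exposes.

```python
import ipaddress

# Affected platform/release matrix as stated in the advisory summary above.
AFFECTED = {
    "aws": {"3.1", "3.2", "3.3", "3.4"},
    "azure": {"3.2", "3.3", "3.4"},
    "oci": {"3.2", "3.3", "3.4"},
}

# Assumption: ports on which the ISE primary admin node accepts management traffic.
ADMIN_PORTS = {22, 443}


def is_affected(platform, release, primary_admin_in_cloud):
    """Only deployments whose primary administration node runs in the cloud are exposed."""
    return primary_admin_in_cloud and release in AFFECTED.get(platform.lower(), set())


def exposed_rules(ingress_rules, admin_cidrs):
    """Return (port, source) ingress rules that reach a management port from
    outside the administrator allow-list. Non-management ports are ignored."""
    allowed = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for port, src in ingress_rules:
        if port not in ADMIN_PORTS:
            continue
        net = ipaddress.ip_network(src)
        # subnet_of() cannot compare IPv4 with IPv6, so match on address family first
        if not any(net.subnet_of(a) for a in allowed if a.version == net.version):
            findings.append((port, src))
    return findings


def triage(platform, release, primary_admin_in_cloud, ingress_rules, admin_cidrs):
    """Priority verdict for one deployment: affected status plus network exposure."""
    if not is_affected(platform, release, primary_admin_in_cloud):
        return "not affected"
    if exposed_rules(ingress_rules, admin_cidrs):
        return "patch now: affected and management ports reachable beyond admin allow-list"
    return "patch: affected, but management access already restricted"


if __name__ == "__main__":
    # Constructed sample: AWS ISE 3.1, admin node in the cloud, HTTPS open to the world.
    rules = [(443, "0.0.0.0/0"), (22, "10.20.0.0/16"), (1812, "10.0.0.0/8")]
    print(triage("AWS", "3.1", True, rules, ["10.20.0.0/16"]))
```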
Did You Know?
Cisco Identity Services Engine (ISE) is a critical network access control platform used by enterprises to enforce security policies and manage device authentication across complex networks.
Broader Context and Industry Response
This vulnerability follows other recent Cisco ISE security issues, including CVE-2025-20124 and CVE-2025-20125, which enabled command execution and privilege escalation. The recurring flaws highlight the challenges of securing enterprise network tools in cloud environments, where static credential management can expose critical systems.
Organizations are increasingly urged to adopt automated patching and robust credential management solutions to mitigate such risks, especially as cloud adoption grows.