Cisco has launched patches to deal with three vulnerabilities with public exploit code in its Identification Companies Engine (ISE) and Buyer Collaboration Platform (CCP) options.
Essentially the most extreme of the three is a vital static credential vulnerability tracked as CVE-2025-20286, discovered by GMO Cybersecurity’s Kentaro Kawane in Cisco ISE. This identity-based coverage enforcement software program supplies endpoint entry management and community machine administration in enterprise environments.
The vulnerability is because of improperly generated credentials when deploying Cisco ISE on cloud platforms, leading to shared credentials throughout totally different deployments.
Unauthenticated attackers can exploit it by extracting person credentials from Cisco ISE cloud deployments and utilizing them to entry installations in different cloud environments. Nevertheless, as Cisco defined, menace actors can exploit this flaw efficiently provided that the Main Administration node is deployed within the cloud.
“A vulnerability in Amazon Net Companies (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identification Companies Engine (ISE) might permit an unauthenticated, distant attacker to entry delicate information, execute restricted administrative operations, modify system configurations, or disrupt companies throughout the impacted methods,” the corporate defined.
“The Cisco PSIRT is conscious that proof-of-concept exploit code is accessible for the vulnerability that’s described on this advisory.”
Cisco added that the next ISE deployments will not be weak to assaults:
- All on-premises deployments with any kind elements the place artifacts are put in from the Cisco Software program Obtain Middle (ISO or OVA). This contains home equipment and digital machines with totally different kind elements.
- ISE on Azure VMware Resolution (AVS)
- ISE on Google Cloud VMware Engine
- ISE on VMware cloud in AWS
- ISE hybrid deployments with all ISE Administrator personas (Main and Secondary Administration) on-premises with different personas within the cloud.
The corporate advises admins nonetheless ready for a hotfix or who can not instantly apply the hotfixes launched right now to run the software reset-config ise command on the Main Administration persona cloud node to reset person passwords to a brand new worth.
Nevertheless, admins must also remember that this command will reset Cisco ISE to the manufacturing facility configuration and that restoring backups will even restore the unique credentials.
The opposite two safety bugs with proof-of-concept exploit code patched right now are an arbitrary file add (CVE-2025-20130) in Cisco ISE and an data disclosure (CVE-2025-20129) within the Cisco Buyer Collaboration Platform (previously Cisco SocialMiner).
In September, Cisco patched one other ISE flaw, a command injection vulnerability with public exploit code that may let attackers escalate privileges to root on unpatched methods.
Handbook patching is outdated. It is sluggish, error-prone, and hard to scale.
Be part of Kandji + Tines on June 4 to see why outdated strategies fall quick. See real-world examples of how trendy groups use automation to patch sooner, reduce threat, keep compliant, and skip the advanced scripts.
