Cisco has launched patches to deal with three vulnerabilities with public exploit code in its Identification Providers Engine (ISE) and Buyer Collaboration Platform (CCP) options.
Probably the most extreme of the three is a crucial static credential vulnerability tracked as CVE-2025-20286, discovered by GMO Cybersecurity’s Kentaro Kawane in Cisco ISE. This identity-based coverage enforcement software program supplies endpoint entry management and community system administration in enterprise environments.
The vulnerability is because of improperly generated credentials when deploying Cisco ISE on cloud platforms, leading to shared credentials throughout totally different deployments.
Unauthenticated attackers can exploit it by extracting consumer credentials from Cisco ISE cloud deployments and utilizing them to entry installations in different cloud environments. Nonetheless, as Cisco defined, menace actors can exploit this flaw efficiently provided that the Main Administration node is deployed within the cloud.
“A vulnerability in Amazon Net Providers (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identification Providers Engine (ISE) might permit an unauthenticated, distant attacker to entry delicate information, execute restricted administrative operations, modify system configurations, or disrupt companies inside the impacted programs,” the corporate defined.
“The Cisco PSIRT is conscious that proof-of-concept exploit code is out there for the vulnerability that’s described on this advisory.”
Cisco added that the next ISE deployments are usually not susceptible to assaults:
- All on-premises deployments with any type elements the place artifacts are put in from the Cisco Software program Obtain Heart (ISO or OVA). This contains home equipment and digital machines with totally different type elements.
- ISE on Azure VMware Resolution (AVS)
- ISE on Google Cloud VMware Engine
- ISE on VMware cloud in AWS
- ISE hybrid deployments with all ISE Administrator personas (Main and Secondary Administration) on-premises with different personas within the cloud.
The corporate advises admins nonetheless ready for a hotfix or who can’t instantly apply the hotfixes launched right this moment to run the utility reset-config ise command on the Main Administration persona cloud node to reset consumer passwords to a brand new worth.
Nonetheless, admins also needs to remember that this command will reset Cisco ISE to the manufacturing unit configuration and that restoring backups may also restore the unique credentials.
The opposite two security bugs with proof-of-concept exploit code patched right this moment are an arbitrary file add (CVE-2025-20130) in Cisco ISE and an data disclosure (CVE-2025-20129) within the Cisco Buyer Collaboration Platform (previously Cisco SocialMiner).
In September, Cisco patched one other ISE flaw, a command injection vulnerability with public exploit code that may let attackers escalate privileges to root on unpatched programs.
Guide patching is outdated. It is sluggish, error-prone, and difficult to scale.
Be a part of Kandji + Tines on June 4 to see why previous strategies fall brief. See real-world examples of how fashionable groups use automation to patch sooner, lower danger, keep compliant, and skip the complicated scripts.
