Cisco has launched patches to deal with three vulnerabilities with public exploit code in its Id Providers Engine (ISE) and Buyer Collaboration Platform (CCP) options.
Probably the most extreme of the three is a vital static credential vulnerability tracked as CVE-2025-20286, discovered by GMO Cybersecurity’s Kentaro Kawane in Cisco ISE. This identity-based coverage enforcement software program gives endpoint entry management and community system administration in enterprise environments.
The vulnerability is because of improperly generated credentials when deploying Cisco ISE on cloud platforms, leading to shared credentials throughout totally different deployments.
Unauthenticated attackers can exploit it by extracting person credentials from Cisco ISE cloud deployments and utilizing them to entry installations in different cloud environments. Nevertheless, as Cisco defined, risk actors can exploit this flaw efficiently provided that the Main Administration node is deployed within the cloud.
“A vulnerability in Amazon Net Providers (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Id Providers Engine (ISE) might enable an unauthenticated, distant attacker to entry delicate information, execute restricted administrative operations, modify system configurations, or disrupt providers throughout the impacted methods,” the corporate defined.
“The Cisco PSIRT is conscious that proof-of-concept exploit code is on the market for the vulnerability that’s described on this advisory.”
Cisco added that the next ISE deployments usually are not weak to assaults:
- All on-premises deployments with any type elements the place artifacts are put in from the Cisco Software program Obtain Middle (ISO or OVA). This consists of home equipment and digital machines with totally different type elements.
- ISE on Azure VMware Answer (AVS)
- ISE on Google Cloud VMware Engine
- ISE on VMware cloud in AWS
- ISE hybrid deployments with all ISE Administrator personas (Main and Secondary Administration) on-premises with different personas within the cloud.
The corporate advises admins nonetheless ready for a hotfix or who can not instantly apply the hotfixes launched right now to run the utility reset-config ise command on the Main Administration persona cloud node to reset person passwords to a brand new worth.
Nevertheless, admins must also remember that this command will reset Cisco ISE to the manufacturing unit configuration and that restoring backups may also restore the unique credentials.
The opposite two safety bugs with proof-of-concept exploit code patched right now are an arbitrary file add (CVE-2025-20130) in Cisco ISE and an info disclosure (CVE-2025-20129) within the Cisco Buyer Collaboration Platform (previously Cisco SocialMiner).
In September, Cisco patched one other ISE flaw, a command injection vulnerability with public exploit code that may let attackers escalate privileges to root on unpatched methods.
Handbook patching is outdated. It is sluggish, error-prone, and difficult to scale.
Be part of Kandji + Tines on June 4 to see why previous strategies fall quick. See real-world examples of how trendy groups use automation to patch quicker, minimize threat, keep compliant, and skip the complicated scripts.
