9.9

CVE-2025-20286

Media report

EPSS 0.05%
Published 04.06.2025 16:18:30
Last modified 15.10.2025 17:58:47
Source psirt@cisco.com
CVE-Watchlists
Login
Open
Login

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.

This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Identity Services Engine Version3.1.0 Update-

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch1

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch10

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch2

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch3

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch4

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch5

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch6

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch7

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch8

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch9

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Update-

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch1

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch2

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch3

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch4

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch5

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch6

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch7

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch1

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch2

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch3

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch4

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch5

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.4.0

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch1

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Update-

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch1

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch2

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch3

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch4

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch5

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch6

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch7

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch1

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch2

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch3

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch4

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch5

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.4.0

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch1

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Update-

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch1

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch2

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch3

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch4

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch5

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch6

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch7

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch1

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch2

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch3

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch4

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch5

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.4.0

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch1

Oracle ≫ Cloud Infrastructure Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.148

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@cisco.com	9.9	3.9	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

CWE-259 Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

https://www.heise.de/news/Jetzt-patchen-Attacken-auf-Cisco-Identity-Services-Engine-koennen-bevorstehen-10428300.html

Medienbericht

heise Security

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-20286

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-20286

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-20286

EUVD