9.9

CVE-2025-20286

Medienbericht

EPSS 0.05%
Veröffentlicht 04.06.2025 16:18:30
Zuletzt bearbeitet 15.10.2025 17:58:47
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.

This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Identity Services Engine Version3.1.0 Update-

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch1

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch10

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch2

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch3

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch4

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch5

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch6

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch7

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch8

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.1.0 Updatepatch9

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Update-

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch1

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch2

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch3

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch4

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch5

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch6

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch7

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch1

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch2

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch3

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch4

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch5

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.4.0

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch1

Amazon ≫ Amazon Web Services Version-

Cisco ≫ Identity Services Engine Version3.2.0 Update-

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch1

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch2

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch3

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch4

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch5

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch6

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch7

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch1

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch2

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch3

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch4

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch5

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.4.0

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch1

Microsoft ≫ Azure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Update-

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch1

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch2

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch3

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch4

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch5

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch6

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.2.0 Updatepatch7

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch1

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch2

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch3

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch4

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.3.0 Updatepatch5

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.4.0

Oracle ≫ Cloud Infrastructure Version-

Cisco ≫ Identity Services Engine Version3.4.0 Updatepatch1

Oracle ≫ Cloud Infrastructure Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.163

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@cisco.com	9.9	3.9	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

CWE-259 Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

https://www.heise.de/news/Jetzt-patchen-Attacken-auf-Cisco-Identity-Services-Engine-koennen-bevorstehen-10428300.html

Medienbericht

heise Security

09.08.2025 11:36

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-20286

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-20286

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-20286

EUVD