CVE-2025-20286

CRITICAL EPSS 59.9%
Published Jun 4, 20251y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Jun 4, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
59.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-259

Affected Products 62

VendorProductVersionRange
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.1.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.4.0any
ciscoidentity_services_engine3.4.0any
amazonamazon_web_services*any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.4.0any
ciscoidentity_services_engine3.4.0any
microsoftazure*any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.2.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.3.0any
ciscoidentity_services_engine3.4.0any
ciscoidentity_services_engine3.4.0any
oraclecloud_infrastructure*any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.