Start your free trial today.

Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.

Your Shield Against Threats

Unleash the Power of Cybersecurity

Boost Your Security, Enhance Your Business

We solve Your Cyber Challenges

Quick Links

Resources

Deepaegis Portals

Static Credential Vulnerability in Cisco Identity Services Engine (ISE) Cloud Deployments

CVSS SCORE:9.9

TLP:White

CVE ID:CVE-2025-20286

SEVERITY:Critical

Type: Use of Hard-coded Password

Vendor:Cisco Systems, Inc.

Reporter:Cisco Systems, Inc. (psirt@cisco.com)

Exploitable?Yes

Summary

A vulnerability in cloud deployments (AWS, Azure, OCI) of Cisco Identity Services Engine (ISE) exists due to the improper generation of credentials, resulting in identical credentials across multiple ISE instances of the same release and platform. An unauthenticated, remote attacker could exploit this flaw to access sensitive data, perform limited administrative actions, modify system configurations, or disrupt services.

Impact

Successful exploitation could result in an attacker extracting static cloud-deployed Cisco ISE credentials from one instance and using them to compromise other instances of Cisco ISE cloud deployments sharing the same credentials. This can lead to unauthorized system configuration changes, data exposure, or service disruption.

Affected Products

Cisco Identity Services Engine (ISE) Cloud Deployments (AWS, Microsoft Azure, Oracle Cloud Infrastructure)

CVSS Metrics

Source: Cisco Systems, Inc.

version 3.1

vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

baseScore9.9

baseSeverityCRITICAL

attackVectorNETWORK

attackComplexityLOW

privilegesRequiredNONE

userInteractionNONE

scopeCHANGED

confidentialityImpactLOW

integrityImpactLOW

availabilityImpactHIGH

Exploitability Score3.9

Impact Score5.3

CWE Information

Source: Cisco Systems, Inc.,Type: Primary

Action Information

Remediation: Cisco has released updated guidance and fixes to address this issue: Cloud deployments of Cisco ISE must ensure that unique credentials are generated per instance. Customers are advised to follow the remediation recommendations published in Cisco Security Advisory cisco-sa-ise-aws-static-cred-FPMjUcm7.

Exploit Added Date: 6/3/2025

Patch and Mitigation Information

Patch Information

Cisco recommends updating affected cloud deployments following their latest cloud-specific configuration and credential generation procedures.

Temporary Fixes / Workarounds

None available.

Recommended Security Measures

Re-deploy cloud ISE instances ensuring unique credentials. Monitor access logs for unauthorized or unexpected administrative activities. Restrict network port access where possible.

Detection Methods

Scan for identical credentials across cloud ISE deployments. Monitor cloud logs for unauthorized or cross-instance access attempts.

Date Of Vendor Response

6/3/2025

Date Of Patch Release

6/3/2025

Additional Information

References

No references provided

Affected Organizations

No affected organizations specified

Confidentiality Notice

This document contains sensitive information. Unauthorized distribution is prohibited.

Vulnerability Advisory

Published 6/3/2025

Updated 6/4/2025