cvelistv5 - cve-2025-20286

CVE-2025-20286 (GCVE-0-2025-20286)

Vulnerability from cvelistv5

Published

2025-06-04 16:18

Modified

2025-06-05 18:08

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

CWE

CWE-259 - Use of Hard-coded Password

Summary

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.

References

►

URL

Tags

psirt@cisco.com

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Identity Services Engine Software	Version: 3.1.0 Version: 3.1.0 p1 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.2.0 Version: 3.1.0 p4 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.2.0 p7 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.1.0 p10 Version: 3.3 Patch 5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20286",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-04T18:12:31.436423Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-04T18:19:18.634Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.1.0 p1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p3"
            },
            {
              "status": "affected",
              "version": "3.1.0 p2"
            },
            {
              "status": "affected",
              "version": "3.2.0"
            },
            {
              "status": "affected",
              "version": "3.1.0 p4"
            },
            {
              "status": "affected",
              "version": "3.1.0 p5"
            },
            {
              "status": "affected",
              "version": "3.2.0 p1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p6"
            },
            {
              "status": "affected",
              "version": "3.2.0 p2"
            },
            {
              "status": "affected",
              "version": "3.1.0 p7"
            },
            {
              "status": "affected",
              "version": "3.3.0"
            },
            {
              "status": "affected",
              "version": "3.2.0 p3"
            },
            {
              "status": "affected",
              "version": "3.2.0 p4"
            },
            {
              "status": "affected",
              "version": "3.1.0 p8"
            },
            {
              "status": "affected",
              "version": "3.2.0 p5"
            },
            {
              "status": "affected",
              "version": "3.2.0 p6"
            },
            {
              "status": "affected",
              "version": "3.1.0 p9"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 2"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 3"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "status": "affected",
              "version": "3.2.0 p7"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 4"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p10"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\n\r\nThis vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\nNote: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-05T18:08:01.160Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ise-aws-static-cred-FPMjUcm7",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ise-aws-static-cred-FPMjUcm7",
        "defects": [
          "CSCwn63400"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "ISE on AWS Static Credential"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20286",
    "datePublished": "2025-06-04T16:18:30.929Z",
    "dateReserved": "2024-10-10T19:15:13.251Z",
    "dateUpdated": "2025-06-05T18:08:01.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-20286\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2025-06-04T17:15:28.427\",\"lastModified\":\"2025-06-05T20:12:23.777\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\\r\\n\\r\\nThis vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\\r\\nNote: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en las implementaciones en la nube de Cisco Identity Services Engine (ISE) de Amazon Web Services (AWS), Microsoft Azure y Oracle Cloud Infrastructure (OCI) podr\u00eda permitir que un atacante remoto no autenticado acceda a datos confidenciales, ejecute operaciones administrativas limitadas, modifique la configuraci\u00f3n del sistema o interrumpa los servicios de los sistemas afectados. Esta vulnerabilidad se debe a que las credenciales se generan incorrectamente al implementar Cisco ISE en plataformas en la nube, lo que provoca que diferentes implementaciones de Cisco ISE compartan las mismas credenciales. Estas credenciales se comparten entre m\u00faltiples implementaciones de Cisco ISE siempre que la versi\u00f3n de software y la plataforma en la nube sean las mismas. Un atacante podr\u00eda explotar esta vulnerabilidad extrayendo las credenciales de usuario de Cisco ISE implementado en la nube y us\u00e1ndolas para acceder a Cisco ISE implementado en otros entornos de nube a trav\u00e9s de puertos no seguros. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a datos confidenciales, ejecutar operaciones administrativas limitadas, modificar la configuraci\u00f3n del sistema o interrumpir los servicios de los sistemas afectados. Nota: Si el nodo de administraci\u00f3n principal est\u00e1 implementado en la nube, Cisco ISE se ve afectado por esta vulnerabilidad. Si el nodo de administraci\u00f3n principal est\u00e1 local, no se ver\u00e1 afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.3}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-259\"}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7\",\"source\":\"psirt@cisco.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20286\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-04T18:12:31.436423Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-04T18:12:33.860Z\"}}], \"cna\": {\"title\": \"ISE on AWS Static Credential\", \"source\": {\"defects\": [\"CSCwn63400\"], \"advisory\": \"cisco-sa-ise-aws-static-cred-FPMjUcm7\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Identity Services Engine Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.1.0\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p1\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p3\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p2\"}, {\"status\": \"affected\", \"version\": \"3.2.0\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p4\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p5\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p1\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p6\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p2\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p7\"}, {\"status\": \"affected\", \"version\": \"3.3.0\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p3\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p4\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p8\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p5\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p6\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p9\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 2\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 1\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 3\"}, {\"status\": \"affected\", \"version\": \"3.4.0\"}, {\"status\": \"affected\", \"version\": \"3.2.0 p7\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 4\"}, {\"status\": \"affected\", \"version\": \"3.4 Patch 1\"}, {\"status\": \"affected\", \"version\": \"3.1.0 p10\"}, {\"status\": \"affected\", \"version\": \"3.3 Patch 5\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\\r\\n\\r\\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7\", \"name\": \"cisco-sa-ise-aws-static-cred-FPMjUcm7\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\\r\\n\\r\\nThis vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\\r\\nNote: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-259\", \"description\": \"Use of Hard-coded Password\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2025-06-05T18:08:01.160Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-20286\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-05T18:08:01.160Z\", \"dateReserved\": \"2024-10-10T19:15:13.251Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2025-06-04T16:18:30.929Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ncsc-2025-0183

Vulnerability from csaf_ncscnl

Published

2025-06-05 10:25

Modified

2025-06-05 10:25

Summary

Kwetsbaarheid verholpen in Cisco Identity Services Engine voor cloudplatformen

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Cisco heeft een kwetsbaarheid verholpen in Identity Services Engine (ISE) voor cloudplatformen.

Interpretaties

De kwetsbaarheid betreft een fout bij het automatisch genereren van wachtwoorden wanneer Cisco ISE op een cloudplatform wordt geïnstalleerd. Hierdoor worden in verschillende ISE-cloudomgevingen dezelfde wachtwoorden gebruikt. Een ongeauthenticeerde kwaadwillende op afstand kan hierdoor toegang krijgen tot gevoelige gegevens, beperkte beheerrechten op de ISE-omgeving bemachtigen en configuratiewijzigingen doorvoeren. De kwetsbaarheid treft ISE voor Amazon Web Services (AWS), Microsoft Azure en Oracle Cloud Infrastructure (OCI). De kwetsbaarheid doet zich alleen voor wanneer de Primary Administration-node in de cloudomgeving is geïnstalleerd. Omgevingen waar de Primary Administration-node on-premise draait, zijn niet kwetsbaar. Daarnaast zijn enkele specifieke cloudimplementaties niet kwetsbaar. Zie de bijgevoegde referentie voor meer informatie.

Oplossingen

Cisco heeft hotfixes uitgebracht waarmee de kwetsbaarheid wordt verholpen. Zie de bijgevoegde referentie voor meer informatie.

Kans

medium

Schade

high

CWE-259

Use of Hard-coded Password

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Cisco heeft een kwetsbaarheid verholpen in Identity Services Engine (ISE) voor cloudplatformen.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheid betreft een fout bij het automatisch genereren van wachtwoorden wanneer Cisco ISE op een cloudplatform wordt ge\u00efnstalleerd. Hierdoor worden in verschillende ISE-cloudomgevingen dezelfde wachtwoorden gebruikt. Een ongeauthenticeerde kwaadwillende op afstand kan hierdoor toegang krijgen tot gevoelige gegevens, beperkte beheerrechten op de ISE-omgeving bemachtigen en configuratiewijzigingen doorvoeren.\n\nDe kwetsbaarheid treft ISE voor Amazon Web Services (AWS), Microsoft Azure en Oracle Cloud Infrastructure (OCI). De kwetsbaarheid doet zich alleen voor wanneer de Primary Administration-node in de cloudomgeving is ge\u00efnstalleerd. Omgevingen waar de Primary Administration-node on-premise draait, zijn niet kwetsbaar. Daarnaast zijn enkele specifieke cloudimplementaties niet kwetsbaar. Zie de bijgevoegde referentie voor meer informatie.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Cisco heeft hotfixes uitgebracht waarmee de kwetsbaarheid wordt verholpen. Zie de bijgevoegde referentie voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Password",
        "title": "CWE-259"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - certbundde; cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7"
      }
    ],
    "title": "Kwetsbaarheid verholpen in Cisco Identity Services Engine voor cloudplatformen",
    "tracking": {
      "current_release_date": "2025-06-05T10:25:46.291683Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0183",
      "initial_release_date": "2025-06-05T10:25:46.291683Z",
      "revision_history": [
        {
          "date": "2025-06-05T10:25:46.291683Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/3.1.0",
                "product": {
                  "name": "vers:unknown/3.1.0",
                  "product_id": "CSAFPID-1347107"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/3.2.0",
                "product": {
                  "name": "vers:unknown/3.2.0",
                  "product_id": "CSAFPID-1347111"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/3.3.0",
                "product": {
                  "name": "vers:unknown/3.3.0",
                  "product_id": "CSAFPID-2857197"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/3.4.0",
                "product": {
                  "name": "vers:unknown/3.4.0",
                  "product_id": "CSAFPID-2857166"
                }
              }
            ],
            "category": "product_name",
            "name": "Cisco Identity Services Engine Software"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20286",
      "cwe": {
        "id": "CWE-259",
        "name": "Use of Hard-coded Password"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Hard-coded Password",
          "title": "CWE-259"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1347107",
          "CSAFPID-1347111",
          "CSAFPID-2857197",
          "CSAFPID-2857166"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20286",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20286.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1347107",
            "CSAFPID-1347111",
            "CSAFPID-2857197",
            "CSAFPID-2857166"
          ]
        }
      ],
      "title": "CVE-2025-20286"
    }
  ]
}

cisco-sa-ise-aws-static-cred-fpmjucm7

Vulnerability from csaf_cisco

Published

2025-06-04 16:00

Modified

2025-06-05 17:26

Summary

Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability

Notes

Summary

Vulnerable Products

This vulnerability affects the following releases of Cisco ISE in the default configuration when it is deployed on AWS, Azure, and OCI platforms: Platform Cisco ISE Vulnerable Releases AWS 3.1, 3.2, 3.3, and 3.4 Azure 3.2, 3.3, and 3.4 OCI 3.2, 3.3, and 3.4 Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected. For information about the fixed Cisco software releases, see the Fixed Software ["#fs"] section of this advisory.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. This vulnerability does not affect the following deployments of Cisco ISE: All on-premises deployments with any form factors where artifacts are installed from Cisco Software Download Center (ISO or OVA). This includes appliances and virtual machines with different form factors. ISE on Azure VMware Solution (AVS) ISE on Google Cloud VMware Engine ISE on VMware cloud in AWS ISE hybrid deployments with all ISE Administrator personas (Primary and Secondary Administration) on-premises with other personas in the cloud.

Details

The credentials that exist in Cisco ISE that is deployed in the cloud are specific to each release and platform. For example: All instances of Release 3.1 on AWS will have the same static credentials. Credentials that are valid for access to a Release 3.1 deployment would not be valid to access a Release 3.2 deployment on the same platform. Release 3.2 on AWS would not have the same credentials as Release 3.2 on Azure.

Workarounds

There are no workarounds that address this vulnerability. However, there are mitigations: Allow source IPs that use Cloud Security Groups: Allowing the source IP addresses of Customer Administrators that use security groups on cloud platforms restricts access exclusively to authorized administrators before traffic reaches the Cisco ISE instance, effectively blocking any potentially malicious connections. Allow source IPs at Cisco ISE: In the Cisco ISE UI, allow the source IP addresses of Customer Administrators. For fresh installations, run the application reset-config ise to reset user passwords to a new value. Running the application reset-config ise command is required only on the Primary Administration persona node in the cloud. There is no need to reset secondary nodes. If the Primary Administration persona is on-premises, running the command is not required. Warnings: Running the application reset-config ise command will reset Cisco ISE to the factory configuration. For details, see the Cisco ISE Configuration Guide ["https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/cli_guide/b_ise_CLI_Reference_Guide_32/b_ise_CLIReferenceGuide_32_chapter_01.html#wp1727183819"]. If the configuration backup that is being restored was taken before the vulnerability fix was applied, the old credentials will also be restored. Cisco recommends taking a new configuration backup after installing the fix to prevent the old credentials from being restored. If an old backup has been restored, the hot fix must be removed and re-installed. While these mitigations have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

Fixed Software

Cisco has released free software updates ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu"] that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"] Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. The Cisco Support and Downloads page ["https://www.cisco.com/c/en/us/support/index.html"] on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"] Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases In the following table, the left column lists Cisco software releases. The middle column indicates the hot fix available for that release and the right column indicates the first fixed release for the vulnerability. Customers are advised to upgrade to an appropriate fixed software release ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"] as indicated in this section. Cisco ISE Release Hot Fix First Fixed Release 3.0 and earlier Not applicable. Not affected. 3.1 ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz ["https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CLOUD-CSCwn63400"] This hot fix applies to Releases 3.1 through 3.4. Migrate to a fixed release. 3.2 ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz ["https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CLOUD-CSCwn63400"] This hot fix applies to Releases 3.1 through 3.4. Migrate to a fixed release. 3.3 ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz ["https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CLOUD-CSCwn63400"] This hot fix applies to Releases 3.1 through 3.4. 3.3P8 (November 2025) 3.4 ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz ["https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CLOUD-CSCwn63400"] This hot fix applies to Releases 3.1 through 3.4. 3.4P3 (October 2025) 3.5 Not applicable. Planned release (Aug 2025) The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory. The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae for reporting this vulnerability.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "Cisco would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae for reporting this vulnerability."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\n\r\nThis vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\n\r\nNote: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\n",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "This vulnerability affects the following releases of Cisco ISE in the default configuration when it is deployed on AWS, Azure, and OCI platforms:\r\n        Platform  Cisco ISE Vulnerable Releases          AWS  3.1, 3.2, 3.3, and 3.4      Azure  3.2, 3.3, and 3.4      OCI  3.2, 3.3, and 3.4\r\nNote: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.\r\n\r\nFor information about the fixed Cisco software releases, see the Fixed Software [\"#fs\"] section of this advisory.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nThis vulnerability does not affect the following deployments of Cisco ISE:\r\n\r\nAll on-premises deployments with any form factors where artifacts are installed from Cisco Software Download Center (ISO or OVA). This includes appliances and virtual machines with different form factors.\r\nISE on Azure VMware Solution (AVS)\r\nISE on Google Cloud VMware Engine\r\nISE on VMware cloud in AWS\r\nISE hybrid deployments with all ISE Administrator personas (Primary and Secondary Administration) on-premises with other personas in the cloud.",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "The credentials that exist in Cisco ISE that is deployed in the cloud are specific to each release and platform. For example:\r\n\r\nAll instances of Release 3.1 on AWS will have the same static credentials.\r\nCredentials that are valid for access to a Release 3.1 deployment would not be valid to access a Release 3.2 deployment on the same platform.\r\nRelease 3.2 on AWS would not have the same credentials as Release 3.2 on Azure.",
        "title": "Details"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability. However, there are mitigations:\r\n\r\nAllow source IPs that use Cloud Security Groups: Allowing the source IP addresses of Customer Administrators that use security groups on cloud platforms restricts access exclusively to authorized administrators before traffic reaches the Cisco ISE instance, effectively blocking any potentially malicious connections.\r\nAllow source IPs at Cisco ISE: In the Cisco ISE UI, allow the source IP addresses of Customer Administrators.\r\n\r\nFor fresh installations, run the application reset-config ise to reset user passwords to a new value. Running the application reset-config ise command is required only on the Primary Administration persona node in the cloud. There is no need to reset secondary nodes. If the Primary Administration persona is on-premises, running the command is not required.\r\n\r\nWarnings:\r\n\r\nRunning the application reset-config ise command will reset Cisco ISE to the factory configuration. For details, see the Cisco ISE Configuration Guide [\"https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/cli_guide/b_ise_CLI_Reference_Guide_32/b_ise_CLIReferenceGuide_32_chapter_01.html#wp1727183819\"].\r\nIf the configuration backup that is being restored was taken before the vulnerability fix was applied, the old credentials will also be restored. Cisco recommends taking a new configuration backup after installing the fix to prevent the old credentials from being restored. If an old backup has been restored, the hot fix must be removed and re-installed.\r\n\r\nWhile these mitigations have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco has released free software updates [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu\"] that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.\r\n\r\nCustomers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nThe Cisco Support and Downloads page [\"https://www.cisco.com/c/en/us/support/index.html\"] on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n  Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n      Fixed Releases\r\nIn the following table, the left column lists Cisco software releases. The middle column indicates the hot fix available for that release and the right column indicates the first fixed release for the vulnerability. Customers are advised to upgrade to an appropriate fixed software release [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] as indicated in this section.\r\n        Cisco ISE Release  Hot Fix  First Fixed Release          3.0 and earlier  Not applicable.  Not affected.      3.1  ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz [\"https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CLOUD-CSCwn63400\"]\r\nThis hot fix applies to Releases 3.1 through 3.4.  Migrate to a fixed release.      3.2  ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz [\"https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CLOUD-CSCwn63400\"]\r\nThis hot fix applies to Releases 3.1 through 3.4.  Migrate to a fixed release.      3.3  ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz [\"https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CLOUD-CSCwn63400\"]\r\nThis hot fix applies to Releases 3.1 through 3.4.  3.3P8 (November 2025)      3.4  ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz [\"https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CLOUD-CSCwn63400\"]\r\nThis hot fix applies to Releases 3.1 through 3.4.  3.4P3 (October 2025)      3.5  Not applicable.  Planned release (Aug 2025)\r\nThe Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "Cisco would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae for reporting this vulnerability.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "Cisco ISE Configuration Guide",
        "url": "https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/cli_guide/b_ise_CLI_Reference_Guide_32/b_ise_CLIReferenceGuide_32_chapter_01.html#wp1727183819"
      },
      {
        "category": "external",
        "summary": "free software updates",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
        "url": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"
      },
      {
        "category": "external",
        "summary": "Cisco Support and Downloads page",
        "url": "https://www.cisco.com/c/en/us/support/index.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
        "url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
      },
      {
        "category": "external",
        "summary": "ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz",
        "url": "https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CLOUD-CSCwn63400"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability",
    "tracking": {
      "current_release_date": "2025-06-05T17:26:25+00:00",
      "generator": {
        "date": "2025-06-05T17:26:30+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-ise-aws-static-cred-FPMjUcm7",
      "initial_release_date": "2025-06-04T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2025-06-04T15:54:46+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2025-06-04T16:36:33+00:00",
          "number": "1.1.0",
          "summary": "Added future fix information."
        },
        {
          "date": "2025-06-05T12:45:35+00:00",
          "number": "1.2.0",
          "summary": "Added Release 3.0, which is not affected."
        },
        {
          "date": "2025-06-05T17:26:25+00:00",
          "number": "1.3.0",
          "summary": "Added a warning about configuration backups."
        }
      ],
      "status": "final",
      "version": "1.3.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco Identity Services Engine Software",
            "product": {
              "name": "Cisco Identity Services Engine Software ",
              "product_id": "CSAFPID-111903"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20286",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwn63400"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-111903"
        ]
      },
      "release_date": "2025-06-04T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-111903"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-111903"
          ]
        }
      ],
      "title": "ISE on AWS Static Credential"
    }
  ]
}

fkie_cve-2025-20286

Vulnerability from fkie_nvd

Published

2025-06-04 17:15

Modified

2025-06-05 20:12

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

Summary

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\n\r\nThis vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\nNote: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en las implementaciones en la nube de Cisco Identity Services Engine (ISE) de Amazon Web Services (AWS), Microsoft Azure y Oracle Cloud Infrastructure (OCI) podr\u00eda permitir que un atacante remoto no autenticado acceda a datos confidenciales, ejecute operaciones administrativas limitadas, modifique la configuraci\u00f3n del sistema o interrumpa los servicios de los sistemas afectados. Esta vulnerabilidad se debe a que las credenciales se generan incorrectamente al implementar Cisco ISE en plataformas en la nube, lo que provoca que diferentes implementaciones de Cisco ISE compartan las mismas credenciales. Estas credenciales se comparten entre m\u00faltiples implementaciones de Cisco ISE siempre que la versi\u00f3n de software y la plataforma en la nube sean las mismas. Un atacante podr\u00eda explotar esta vulnerabilidad extrayendo las credenciales de usuario de Cisco ISE implementado en la nube y us\u00e1ndolas para acceder a Cisco ISE implementado en otros entornos de nube a trav\u00e9s de puertos no seguros. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a datos confidenciales, ejecutar operaciones administrativas limitadas, modificar la configuraci\u00f3n del sistema o interrumpir los servicios de los sistemas afectados. Nota: Si el nodo de administraci\u00f3n principal est\u00e1 implementado en la nube, Cisco ISE se ve afectado por esta vulnerabilidad. Si el nodo de administraci\u00f3n principal est\u00e1 local, no se ver\u00e1 afectado."
    }
  ],
  "id": "CVE-2025-20286",
  "lastModified": "2025-06-05T20:12:23.777",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.3,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-04T17:15:28.427",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-259"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

wid-sec-w-2025-1238

Vulnerability from csaf_certbund

Published

2025-06-04 22:00

Modified

2025-06-04 22:00

Summary

Cisco Identity Services Engine (ISE) Cloud Platforms: Schwachstelle ermöglicht erlangen von Admin Rechten

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Cisco Identity Services Engine (ISE) bietet eine attributbasierte Zugangs-Kontroll-Lösung.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco Identity Services Engine (ISE) auf Cloud Platforms ausnutzen, um administrative Privilegien zu erhalten und potentiell Dateien zu manipulieren, Informationen auszuspähen oder einen Denial-of-Service auszulösen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Cisco Identity Services Engine (ISE) bietet eine attributbasierte Zugangs-Kontroll-L\u00f6sung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco Identity Services Engine (ISE) auf Cloud Platforms ausnutzen, um administrative Privilegien zu erhalten und potentiell Dateien zu manipulieren, Informationen auszusp\u00e4hen oder einen Denial-of-Service auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1238 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1238.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1238 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1238"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory vom 2025-06-04",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7"
      }
    ],
    "source_lang": "en-US",
    "title": "Cisco Identity Services Engine (ISE) Cloud Platforms: Schwachstelle erm\u00f6glicht erlangen von Admin Rechten",
    "tracking": {
      "current_release_date": "2025-06-04T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-05T08:21:19.718+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1238",
      "initial_release_date": "2025-06-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-06-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz",
                "product": {
                  "name": "Cisco Identity Services Engine (ISE) \u003cise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz",
                  "product_id": "T044340"
                }
              },
              {
                "category": "product_version_range",
                "name": "ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz",
                "product": {
                  "name": "Cisco Identity Services Engine (ISE) ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz",
                  "product_id": "T044340-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.3P8",
                "product": {
                  "name": "Cisco Identity Services Engine (ISE) \u003c3.3P8",
                  "product_id": "T044343"
                }
              },
              {
                "category": "product_version",
                "name": "3.3P8",
                "product": {
                  "name": "Cisco Identity Services Engine (ISE) 3.3P8",
                  "product_id": "T044343-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:identity_services_engine_software:3.3p8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.4P3",
                "product": {
                  "name": "Cisco Identity Services Engine (ISE) \u003c3.4P3",
                  "product_id": "T044344"
                }
              },
              {
                "category": "product_version",
                "name": "3.4P3",
                "product": {
                  "name": "Cisco Identity Services Engine (ISE) 3.4P3",
                  "product_id": "T044344-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:identity_services_engine_software:3.4p3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Identity Services Engine (ISE)"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20286",
      "product_status": {
        "known_affected": [
          "T044340",
          "T044344",
          "T044343"
        ]
      },
      "release_date": "2025-06-04T22:00:00.000+00:00",
      "title": "CVE-2025-20286"
    }
  ]
}

ghsa-mj8j-c9rh-x2c6

Vulnerability from github

Published

2025-06-04 18:30

Modified

2025-06-04 18:30

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

Details

This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-20286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-259"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-04T17:15:28Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\n\nThis vulnerability exists  because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\nNote: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.",
  "id": "GHSA-mj8j-c9rh-x2c6",
  "modified": "2025-06-04T18:30:58Z",
  "published": "2025-06-04T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20286"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-20286 (GCVE-0-2025-20286)

Vulnerability from cvelistv5

ncsc-2025-0183

Vulnerability from csaf_ncscnl

cisco-sa-ise-aws-static-cred-fpmjucm7

Vulnerability from csaf_cisco

fkie_cve-2025-20286

Vulnerability from fkie_nvd

wid-sec-w-2025-1238

Vulnerability from csaf_certbund

ghsa-mj8j-c9rh-x2c6

Vulnerability from github

Tags

Sightings

Nomenclature