Cisco has identified and released security patches for a significant vulnerability in its Identity Services Engine (ISE), designated CVE-2025-20286, with a criticality rating of 9.9. This flaw presents a serious threat, as it allows unauthenticated remote attackers to gain access to sensitive information and disrupt services on cloud deployments across platforms such as AWS, Microsoft Azure, and Oracle Cloud. The issue arises due to improperly generated static credentials during deployment, resulting in shared credentials among various installations of the same software release, potentially enabling broad exploitability in cloud environments.
Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems.
The essential problem stems from improper credential generation, enabling different deployments of Cisco ISE on cloud platforms to share the same credentials if they share the software release and platform.
Collection
[
|
...
]