Source: The Hacker News
Author: info@thehackernews.com (The Hacker News)
URL: https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html
ONE SENTENCE SUMMARY: Cisco issued patches for a critical static-credential vulnerability (CVE-2025-20286) in cloud-based Identity Services Engine deployments that lets an unauthenticated remote attacker gain unauthorized access.
MAIN POINTS:
- Cisco released patches for critical vulnerability CVE-2025-20286 in Identity Services Engine (ISE).
- The flaw has a critical CVSS severity rating of 9.9 out of 10.
- The flaw stems from credentials that are improperly generated during cloud deployment, so they are static rather than unique to each instance.
- Affected platforms include AWS, Microsoft Azure, and Oracle Cloud Infrastructure (OCI).
- An attacker who extracts these credentials from one cloud deployment can use them to log in to other deployments over unsecured ports, access sensitive data, and perform limited administrative operations.
- Only deployments whose Primary Administration node runs in the cloud are affected; deployments with an on-premises Primary Administration node are not affected.
- The credentials are identical across every deployment that shares the same Cisco ISE release and cloud platform.
- Exploit could allow attacker to disrupt services or change system configurations.
- Proof-of-concept exploit exists, but no evidence of malicious exploitation yet.
- As a workaround, Cisco recommends restricting traffic to authorized administrators, or running its reset command, which resets user passwords but also returns the deployment to factory configuration.
TAKEAWAYS:
- Immediately apply Cisco’s security patches to affected cloud deployments.
- Restrict administrative access to trusted sources to mitigate potential exploits.
- Consider resetting Cisco ISE user passwords with the command Cisco provides, bearing in mind that it also resets the appliance to factory configuration, so plan for reconfiguration.
- Monitor administrative logins and configuration changes for anomalies, since proof-of-concept exploit code is available.
- Plan upgrades to fixed releases, or consider keeping the Primary Administration node on-premises, which is not affected.
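The access-restriction workaround above comes down to one check: are the Primary Administration node's admin ports reachable from anywhere other than your trusted administrator networks? The script below is an added example, not code from the article or from Cisco. It audits an AWS-style security group (the JSON shape returned by `aws ec2 describe-security-groups`) for the admin ports exposed to untrusted sources and builds a replacement ingress rule set limited to trusted CIDRs. The ports (443 for the admin GUI, 22 for the SSH CLI), the sample security group and the trusted network are assumptions constructed for this example; adjust them to your deployment.

```python
"""Audit AWS-style security group ingress for Cisco ISE admin ports.

Added example, not code from The Hacker News article or from Cisco.
The admin ports below (443 admin GUI, 22 SSH CLI) and the sample
security group are assumptions constructed for this example.
"""
import ipaddress
import json

# Assumed admin ports for a cloud-hosted ISE Primary Administration node.
ADMIN_PORTS = {443, 22}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def rule_covers_port(rule, port):
    """True if an ingress rule's port range includes `port` (or all traffic)."""
    proto = rule.get("IpProtocol", "-1")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def rule_sources(rule):
    """Yield source CIDR strings from both IPv4 and IPv6 ranges of a rule."""
    for r in rule.get("IpRanges", []):
        yield r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def find_exposed_admin_rules(group, trusted_cidrs):
    """Return (port, cidr) pairs where an admin port is reachable from an
    untrusted source: the whole internet, or any CIDR not contained in one
    of the trusted networks."""
    trusted = [ipaddress.ip_network(c, strict=False) for c in trusted_cidrs]
    findings = []
    for rule in group.get("IpPermissions", []):
        for port in sorted(ADMIN_PORTS):
            if not rule_covers_port(rule, port):
                continue
            for cidr in rule_sources(rule):
                net = ipaddress.ip_network(cidr, strict=False)
                ok = cidr not in WORLD_CIDRS and any(
                    net.version == t.version and net.subnet_of(t) for t in trusted
                )
                if not ok:
                    findings.append((port, cidr))
    return findings


def hardened_permissions(trusted_cidrs):
    """Build ingress rules that allow the admin ports only from trusted CIDRs."""
    nets = [ipaddress.ip_network(c, strict=False) for c in trusted_cidrs]
    v4 = [{"CidrIp": str(n)} for n in nets if n.version == 4]
    v6 = [{"CidrIpv6": str(n)} for n in nets if n.version == 6]
    return [
        {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
         "IpRanges": v4, "Ipv6Ranges": v6}
        for port in sorted(ADMIN_PORTS)
    ]


# Constructed sample: admin GUI open to the world, SSH open to a non-admin /24,
# RADIUS open to the world (not an admin port, so not flagged).
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "udp", "FromPort": 1812, "ToPort": 1813,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}
TRUSTED = ["198.51.100.0/24"]  # constructed: the admin jump-host network

if __name__ == "__main__":
    for port, cidr in find_exposed_admin_rules(SAMPLE_GROUP, TRUSTED):
        print(f"{SAMPLE_GROUP['GroupId']}: tcp/{port} reachable from untrusted {cidr}")
    print(json.dumps(hardened_permissions(TRUSTED), indent=2))
```

Run it against real output by replacing `SAMPLE_GROUP` with the parsed JSON of the group attached to the ISE instance; the same logic maps onto Azure network security groups or OCI security lists with different field names. Note that restricting the ports is a workaround, not a fix: the shared credentials remain valid until the deployment is patched or reset.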