Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html

ONE SENTENCE SUMMARY: Cisco issued patches for a critical static-credential vulnerability in cloud-hosted Identity Services Engine (ISE) deployments that lets an unauthenticated remote attacker who extracts the credentials from one deployment log in to other deployments of the same release on the same cloud platform.

MAIN POINTS:

  1. Cisco released patches for critical vulnerability CVE-2025-20286 in Identity Services Engine (ISE).
  2. The flaw has a critical CVSS severity rating of 9.9 out of 10.
  3. The flaw stems from credentials that are generated improperly when ISE is deployed on a cloud platform, so the resulting credentials are static rather than unique to each deployment.
  4. Affected platforms include AWS, Microsoft Azure, and Oracle Cloud Infrastructure (OCI).
  5. An unauthenticated remote attacker who extracts the credentials from one deployment can use them against other deployments to access sensitive data and execute limited administrative operations.
  6. Only deployments whose Primary Administration node (PAN) runs in the cloud are affected; a deployment with an on-premises PAN is not affected, even if secondary nodes run in the cloud.
  7. The credentials are identical across all deployments of the same Cisco ISE release on the same cloud platform.
  8. A successful exploit could also allow the attacker to modify system configurations or disrupt services.
  9. A proof-of-concept exploit exists, but Cisco has seen no evidence of malicious exploitation so far.
  10. As mitigations, Cisco recommends restricting traffic to authorized administrators, or running the "application reset-config ise" command, which resets user passwords to a new value but also resets ISE to its factory configuration.

TAKEAWAYS:

  1. Apply Cisco's patches immediately to every deployment whose Primary Administration node runs on AWS, Azure, or OCI.
  2. Restrict administrative access (the ISE admin interfaces) to trusted administrator source addresses only; this limits exposure even before patching.
  3. Consider resetting the Cisco ISE passwords with the command Cisco provides ("application reset-config ise"), bearing in mind that it also resets the node to its factory configuration, so back up and plan to restore the configuration first.
  4. Monitor administrative access to cloud-hosted ISE nodes for unexpected logins, since a proof-of-concept exploit is publicly available.
  5. Plan upgrades to fixed releases, or keep the Primary Administration node on-premises where a cloud-hosted PAN is not required.
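The two takeaways a practitioner acts on first are working out which deployments are actually exposed (only those whose PAN runs on AWS, Azure, or OCI, and which of them share credentials by release and platform) and then locking the ISE admin interfaces down to administrator source ranges. The script below is an added example, not Cisco's code or anything from the article: the inventory, security-group ID, and admin CIDRs are constructed, and it assumes the ISE admin GUI listens on TCP 443 and the CLI on TCP 22. The AWS call is only reached if you invoke `apply_aws` with credentials configured; everything else runs offline.

```python
"""Triage Cisco ISE deployments for CVE-2025-20286 exposure and build
least-privilege ingress rules for the exposed ones.

Added example; not Cisco's code. The inventory, group IDs and CIDRs are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Platforms named in the advisory as affected when the PAN runs there.
AFFECTED_CLOUDS = {"aws", "azure", "oci"}

# Management ports on an ISE Primary Administration node (assumption:
# HTTPS admin GUI on 443, SSH CLI on 22).
ISE_ADMIN_PORTS = (443, 22)


@dataclass(frozen=True)
class IseDeployment:
    name: str
    release: str                 # e.g. "3.3"; used to group shared credentials
    pan_location: str            # "aws", "azure", "oci", or "on-prem"
    secondary_locations: tuple = ()


def is_exposed(d: IseDeployment) -> bool:
    """Exposed only when the Primary Administration node itself runs on an
    affected cloud. Cloud-hosted secondaries behind an on-prem PAN are not."""
    return d.pan_location.lower() in AFFECTED_CLOUDS


def shared_credential_groups(deployments):
    """Group exposed deployments by (release, cloud): every member of a
    group was deployed with the same static credentials."""
    groups = {}
    for d in deployments:
        if is_exposed(d):
            groups.setdefault((d.release, d.pan_location.lower()), []).append(d.name)
    return groups


def is_acceptable_admin_cidr(cidr: str) -> bool:
    """Reject world-open ranges and malformed CIDRs (host bits set)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return False
    return net.prefixlen != 0


def admin_ingress_rules(admin_cidrs, ports=ISE_ADMIN_PORTS):
    """Build AWS-style IpPermissions that allow the ISE admin ports only
    from the given administrator ranges. Raises on an unacceptable range
    rather than silently widening exposure."""
    v4, v6 = [], []
    for c in admin_cidrs:
        if not is_acceptable_admin_cidr(c):
            raise ValueError(f"refusing admin range {c!r}")
        net = ipaddress.ip_network(c)
        (v6 if net.version == 6 else v4).append(str(net))
    rules = []
    for port in ports:
        rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
        if v4:
            rule["IpRanges"] = [{"CidrIp": c, "Description": "ISE admin access"} for c in v4]
        if v6:
            rule["Ipv6Ranges"] = [{"CidrIpv6": c, "Description": "ISE admin access"} for c in v6]
        rules.append(rule)
    return rules


def apply_aws(group_id: str, rules):
    """Push the rules to an EC2 security group. boto3 is imported lazily so
    the rest of the module runs offline; assumes AWS credentials are set."""
    import boto3
    ec2 = boto3.client("ec2")
    return ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=rules)


# Constructed inventory: two 3.3 PANs on AWS share one set of credentials,
# the Azure lab node is exposed on its own, and the on-prem PAN is not
# exposed even though it has a secondary node in AWS.
SAMPLE_INVENTORY = (
    IseDeployment("corp-ise-east", "3.3", "aws"),
    IseDeployment("corp-ise-west", "3.3", "aws"),
    IseDeployment("lab-ise", "3.2", "azure"),
    IseDeployment("hq-ise", "3.3", "on-prem", ("aws",)),
)

if __name__ == "__main__":
    for key, names in shared_credential_groups(SAMPLE_INVENTORY).items():
        print(f"release {key[0]} on {key[1]} shares credentials across: {names}")
    rules = admin_ingress_rules(["10.20.0.0/24", "2001:db8:1::/48"])
    print(rules)
    # apply_aws("sg-0123456789abcdef0", rules)   # hypothetical group ID
```

Run it as-is to see the exposure grouping and the rule set; uncomment the `apply_aws` line (with a real security-group ID and credentials) to enforce it. The same rule shape translates directly to an Azure NSG rule or an OCI security list: admin ports, TCP, source restricted to administrator ranges, nothing from 0.0.0.0/0.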