Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Uncategorized

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify […]

Cisco Catalyst

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions.

A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify configurations, or disrupt services.

The vulnerability in Cisco ISE cloud deployments occurs when the system generates identical credentials across different instances using the same software version and cloud platform (AWS, Azure, or OCI). This means multiple deployments can end up sharing the same login details. An attacker could exploit this by extracting credentials from one Cisco ISE instance and using them to access others, potentially gaining access to sensitive data, changing settings, or disrupting services.

“This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports.” reads the advisory. “A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.”

Kentaro Kawane of GMO Cybersecurity discovered the vulnerability. Cisco PSIRT has confirmed that proof-of-concept code exists for the vulnerability but says there’s no evidence that the flaw has been actively exploited in attacks in the wild.

The flaw impacts the following versions:

Cisco Identity Services Engine ReleaseFirst Fixed Release
3.1Migrate to a fixed release.
3.2Migrate to a fixed release.
3.33.3P8 (November 2025)
3.43.4P3 (October 2025)
3.5Planned release (Aug 2025)

There’s no direct workaround for the Cisco Identity Services Engine cloud vulnerability, however the IT giant provided some important mitigations administrators can apply. First, limit access by allowing only trusted source IP addresses, either through cloud security groups or directly within the Cisco Identity Services Engine interface.

For new installations, Cisco recommends running the application reset-config ise command on the cloud-based primary node to generate fresh credentials. Note: this will reset the system to factory settings, and restoring from a backup will bring back the original (potentially vulnerable) credentials.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco)