Published On: Jun 16, 2025 08:57
Advisory No: TZCERT-SA-25-0103
Source: Cisco
Software Affected: Cisco ISE
Cisco Identity Services Engine is affected by a critical vulnerability. The vulnerability could allow a remote attacker to gain elevated privileges on the affected device.
Cisco Identity Services Engine is affected by a critical vulnerability tracked as CVE-2025-20286, with a CVSS base score of 9.9. The vulnerability results from credentials being improperly generated when Cisco ISE is deployed on cloud platforms, so that different Cisco ISE deployments share the same credentials. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE deployed in the cloud and then using them to access Cisco ISE deployed in other cloud environments through unsecured ports. Successful exploitation may allow an unauthenticated remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Successful exploitation of this vulnerability may allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Cisco has released patches for this vulnerability. Users and administrators are encouraged to apply the necessary updates.