Cisco releases security patches for three vulnerabilities in its ISE and CCP solutions, including a critical credential vulnerability affecting cloud deployments. Attackers can exploit this flaw to access sensitive data and disrupt services, especially in cloud environments using AWS, Azure, or OCI. #CiscoISE #CloudVulnerabilities
Keypoints
- Cisco addressed three security vulnerabilities in its ISE and CCP platforms through new patches.
- The most critical flaw, CVE-2025-20286, involves improperly generated credentials in cloud deployments of Cisco ISE.
- Unauthenticated attackers can exploit this flaw to access multiple cloud environments if certain conditions are met.
- Cisco recommends running the reset-config ise command on cloud nodes if patches cannot be applied immediately.
- Two additional vulnerabilities, an arbitrary file upload and an information disclosure flaw, were also patched.