Cisco has released security patches for a critical static-credential flaw in the Identity Services Engine (ISE) that could allow attackers to access sensitive data and disrupt services. The flaw, which affects cloud deployments on AWS, Azure, and OCI, has a high CVSS score and has not yet been exploited in the wild.
Keypoints
- Cisco's security update addresses a critical vulnerability in Cisco ISE affecting cloud deployments.
- The flaw, CVE-2025-20286, has a CVSS score of 9.9 and involves static credential generation issues.
- Exploitation could enable unauthorized data access, system modifications, or service disruptions.
- The vulnerability specifically affects Cisco ISE versions 3.1 to 3.4 deployed on AWS, Azure, and OCI, with the affected versions depending on the cloud provider.
- Cisco recommends restricting traffic and resetting configurations, with the caveat that reset commands restore factory settings.
Read More: https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html