CVE-2025-20286: Use of Hard-coded Password in Cisco Identity Services Engine Software

Severity
NVD: 9.8 CRITICAL
CNA: 9.9
EPSS
0.2% (top 60.52%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jun 4

Description

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in differe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA
GHSA-mj8j-c9rh-x2c6: A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engi (2025-06-04)
CVEList
ISE on AWS Static Credential (2025-06-04)

📋 Vendor Advisories (2)

Cisco
Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability (2025-06-04)
Microsoft
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. (2021-03-09)

🕵️ Threat Intelligence (1)

Bleepingcomputer
Cisco warns of ISE and CCP flaws with public exploit code (2025-06-04)