exploitDog

CVE-2025-20286

Опубликовано: 04 июн. 2025

Источник: nvd

CVSS3: 9.9

CVSS3: 9.8

EPSS Низкий

Описание

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.

This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, exec

Ссылки

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:cisco:identity_services_engine:3.1.0:-:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch10:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*

cpe:2.3:a:amazon:amazon_web_services:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*

cpe:2.3:o:microsoft:azure:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*

cpe:2.3:a:oracle:cloud_infrastructure:-:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00052

Низкий

9.9 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-259

Связанные уязвимости

GHSA-mj8j-c9rh-x2c6

CVSS3: 9.9

github

8 месяцев назад

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, ex...

BDU:2025-06465

CVSS3: 9.9

fstec

8 месяцев назад

Уязвимость платформы управления политиками соединений Cisco Identity Services Engine (ISE), связанная с использованием жестко закодированных учетных данных, позволяющая нарушителю изменить конфигурацию программного обеспечения

EPSS

Процентиль: 16%

0.00052

Низкий

9.9 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-259