- Cisco patch three vulnerabilities in ISE and CCP tools
- One of the three has a gravity score of 9.9/10
- Some Ise implementations are not vulnerable
Cisco has paved three vulnerabilities in its tools of the identity services services collaboration platform (ISE) and the client collaboration platform (CCP), including a critical severity problem that has a public concept proof exploit (POC).
Recently, three vulnerabilities were discovered, now traced as CVE-2025-20286, CVE-2025-20130 and CVE-2025-20129. The first is described as a vulnerability of static credential reuse, which is located on Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud Infrastructure (OCI) Ise cloud implementations.
It has a gravity score of 9.9/10 (critic), and is derived from an inadequate generation of login credentials, when Ise is implemented on cloud platforms. As a result, the different implementations of Cisco ISE can share the same credentials, provided that the software version and the cloud platform are the same.
Available concept test
As a result, threat actors could access Ise instances implemented in other cloud environments through unusual ports, obtain access to confidential data, to execute limited administration operations, modify system configurations and even interrupt the different services.
The positive side here is that the defect is exploitable only if the primary administration node is implemented in the cloud. If it is in the program, then the instance is not vulnerable.
“Cisco Psirt is aware that the concept test exploitation code is available for vulnerability described in this notice,” said Cisco.
ISE is a security policy management platform that provides control and visibility for access to the network for devices and users, and CCP is a collaboration platform, which allows companies to interact with their customers.
Here is a list of Ise implementations not vulnerable to attacks, according to Cisco’s notice:
“- All local implementations with any form factor where artifacts are installed in the Cisco software download center (ISO U OVA). This includes appliances and virtual machines with different form factors.
– ISE ON AZURE VMWARE SOLUTION (AVS)
– Ise on Google Cloud Vmware Engine
– Ise in Vmware Cloud in AWS
– ISE hybrid implementations with all the characters of the ISE administrator (primary and secondary administration) in facilities with other people in the cloud. “
Through Bleepingcomputer
