Critical Cisco ISE Vulnerability Exposes Cloud Deployments to Unauthorized Access

HawkEye Hunting Cyber Adversaries

In June 2025, Cisco disclosed a critical vulnerability in its Identity Services Engine (ISE), designated as CVE-2025-20286. This flaw has significant implications for organizations utilizing cloud deployments across major platforms.

Technical Overview

The vulnerability arises from the generation of static credentials during the deployment of Cisco ISE on cloud platforms. Specifically, all instances of a particular Cisco ISE release on a given cloud platform share the same credentials. For instance, every Cisco ISE 3.1 deployment on AWS would have identical credentials.

Affected Versions

The following Cisco ISE versions are impacted:

  • AWS: 3.1, 3.2, 3.3, and 3.4
  • Azure: 3.2, 3.3, and 3.4
  • OCI: 3.2, 3.3, and 3.4

It’s important to note that this vulnerability affects only cloud deployments where the Primary Administration node is deployed in the cloud. On-premises deployments remain unaffected.

Potential Exploitation

An attacker who obtains the static credentials could potentially:

  • Access multiple Cisco ISE instances across different deployments.
  • Extract sensitive information.
  • Modify system configurations.
  • Disrupt services and operations.

Cisco’s Response and Recommendations

Cisco has acknowledged the existence of a proof-of-concept exploit but has not observed any malicious exploitation in the wild. To mitigate the risks associated with this vulnerability, Cisco recommends:

  • Applying Security Updates: Ensure all affected Cisco ISE instances are updated with the latest patches.
  • Restricting Access: Limit access to the Cisco ISE management interface to authorized administrators.
  • Resetting Configurations: Use the “application reset-config ise” command to reset user passwords, keeping in mind that this will restore the system to its factory settings.

Organizations are urged to act promptly to address this vulnerability and safeguard their cloud-based Cisco ISE deployments.
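Two of the points above lend themselves to a quick self-check: whether a given deployment falls inside the affected matrix (cloud platform, release, and Primary Administration node in the cloud), and whether its management interface is reachable from more than the approved administrator networks. The following is an added example, not Cisco's tooling or code from this post. It encodes the affected-version table exactly as stated above and audits a list of ingress rules against allowed admin CIDRs; the management ports (HTTPS 443 for the admin GUI, SSH 22 for the CLI), the `Deployment`/`IngressRule` types and the sample inventory are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Affected release matrix as stated in the advisory text for CVE-2025-20286.
AFFECTED_RELEASES = {
    "aws": {"3.1", "3.2", "3.3", "3.4"},
    "azure": {"3.2", "3.3", "3.4"},
    "oci": {"3.2", "3.3", "3.4"},
}

# Assumed management ports for this example: admin GUI (HTTPS) and CLI (SSH).
MANAGEMENT_PORTS = {443, 22}


@dataclass
class Deployment:
    name: str
    platform: str        # "aws", "azure", "oci" or "on-prem"
    release: str         # e.g. "3.2" or a full build such as "3.2.0.542"
    pan_in_cloud: bool   # Primary Administration node deployed in the cloud?


@dataclass
class IngressRule:
    port_from: int
    port_to: int
    cidr: str


def is_affected(d: Deployment) -> bool:
    """True when the deployment matches the advisory's affected conditions."""
    if not d.pan_in_cloud:
        return False          # on-premises PAN: not affected per the advisory
    major_minor = ".".join(d.release.split(".")[:2])
    return major_minor in AFFECTED_RELEASES.get(d.platform.lower(), set())


def exposed_management_rules(rules, allowed_admin_cidrs):
    """Return rules that open a management port to a source range not wholly
    contained in one of the allowed administrator networks."""
    allowed = [ipaddress.ip_network(c) for c in allowed_admin_cidrs]
    exposed = []
    for r in rules:
        if not any(r.port_from <= p <= r.port_to for p in MANAGEMENT_PORTS):
            continue          # rule does not touch a management port
        src = ipaddress.ip_network(r.cidr)
        contained = any(
            src.version == a.version and src.subnet_of(a) for a in allowed
        )
        if not contained:
            exposed.append(r)
    return exposed


def assess(d: Deployment, rules, allowed_admin_cidrs):
    """Map findings to the advisory's recommendations: patch and/or restrict."""
    findings = []
    if is_affected(d):
        findings.append(
            f"{d.name}: release {d.release} on {d.platform} with cloud PAN is "
            f"affected by CVE-2025-20286; apply the fixed release."
        )
    for r in exposed_management_rules(rules, allowed_admin_cidrs):
        findings.append(
            f"{d.name}: management port(s) {r.port_from}-{r.port_to} reachable "
            f"from {r.cidr}; restrict to administrator networks."
        )
    return findings


if __name__ == "__main__":
    # Constructed sample inventory for the example (not real infrastructure).
    deployment = Deployment("ise-aws-01", "aws", "3.2.0", pan_in_cloud=True)
    sample_rules = [
        IngressRule(443, 443, "0.0.0.0/0"),   # admin GUI open to the internet
        IngressRule(22, 22, "10.0.0.0/8"),    # SSH limited to internal range
        IngressRule(1812, 1813, "0.0.0.0/0"), # RADIUS, not a management port
    ]
    for line in assess(deployment, sample_rules, ["10.0.0.0/8"]):
        print(line)
```

Feeding the function real data means exporting the security group or NSG rules from the cloud console or CLI into `IngressRule` objects; the release string can be pasted as reported by the ISE admin portal, since only the major.minor part is compared against the matrix.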


© 2025 HawkEye – Managed CSOC and XDR powered by DTS Solution. All Rights Reserved.