Cisco Releases Updates Addressing Critical Vulnerability in Identity Services Engine

On Wednesday, June 4, 2025, Cisco released updates to address a static credential vulnerability (CVE-2025-20286) that affects Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) deployments of Cisco Identity Services Engine (ISE). According to Cisco's advisory, the flaw could be exploited to "allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems." The vulnerability affects Cisco ISE 3.1, 3.2, 3.3, and 3.4 deployed on AWS, and Cisco ISE 3.2, 3.3, and 3.4 deployed on Azure or OCI.
 
Editor’s Note

[Neely]
The cloud deployment of ISE generates credentials on install in each cloud environment. The flaw is that static credentials are the same for each product on the same platform, meaning all installs of ISE version 3.1 in AWS have the same generated credentials. There is a PoC exploit. The fix is to update ISE and then run the reset application config command on the primary administration node to reset the passwords. Also apply ACLs limiting access to the administration interfaces. Read the Cisco advisory for caveats.
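The weakness class behind this advisory, as an added illustration that is not Cisco's code and not the editor's text: an "install-time" credential routine whose only inputs are the platform and release, so every deployment of the same release on the same cloud derives the same password, contrasted with per-install generation from the OS CSPRNG. The `IMAGE_SEED` constant, the function names, and the deployment names are hypothetical; the fleet audit compares only hashes of the credentials, never the secrets themselves.

```python
import hashlib
import hmac
import secrets

# Hypothetical constant baked into every copy of a cloud image. Anything
# derived from it plus public facts (platform, version) is shared by all installs.
IMAGE_SEED = b"hypothetical-seed-shipped-in-every-image"


def derive_static_password(platform: str, version: str) -> str:
    """Weak pattern: deterministic derivation from values that are identical
    for every deployment of the same release on the same cloud."""
    material = f"{platform}:{version}".encode()
    return hmac.new(IMAGE_SEED, material, hashlib.sha256).hexdigest()[:24]


def generate_per_install_password(nbytes: int = 24) -> str:
    """Correct pattern: fresh randomness from the OS CSPRNG on every install."""
    return secrets.token_urlsafe(nbytes)


def fingerprint(password: str) -> str:
    """Hash used for comparing credentials across deployments without
    collecting the plaintext secrets."""
    return hashlib.sha256(password.encode()).hexdigest()


def find_shared_credentials(fleet: dict) -> dict:
    """Fleet audit: given {deployment_name: credential_fingerprint}, return the
    fingerprints that more than one deployment shares, with the deployments."""
    by_hash: dict = {}
    for name, fp in fleet.items():
        by_hash.setdefault(fp, []).append(name)
    return {fp: sorted(names) for fp, names in by_hash.items() if len(names) > 1}


def demo():
    # Constructed fleet: three independent installs of the same release on AWS.
    names = ("ise-prod-us-east", "ise-dr-us-west", "ise-lab")
    weak_fleet = {n: fingerprint(derive_static_password("aws", "3.1")) for n in names}
    strong_fleet = {n: fingerprint(generate_per_install_password()) for n in names}
    # Weak derivation: one fingerprint shared by all three installs.
    # Per-install randomness: no shared fingerprints.
    return find_shared_credentials(weak_fleet), find_shared_credentials(strong_fleet)


if __name__ == "__main__":
    shared_weak, shared_strong = demo()
    print("shared under static derivation:", shared_weak)
    print("shared under per-install generation:", shared_strong)
```

The audit function is the part worth reusing: collecting credential fingerprints (not the credentials) from each deployment and checking for duplicates is a cheap way to confirm that the reset step actually produced distinct passwords on every administration node.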

Read more in:
 thehackernews.com: Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
 sec.cloudapps.cisco.com: Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability
 nvd.nist.gov: CVE-2025-20286 Detail
 
This article was featured in SANS' newsletter of June 6, 2025, Vol. 27, Num. 43