- Cisco corrects three vulnerabilities in ISE and CCP tools
- One of the three has a severity score of 9.9 / 10
- Some ISE deployments are not vulnerable
Cisco has patched three vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) tools, including a critical-severity issue for which a public proof-of-concept (PoC) exploit exists.
Three vulnerabilities were recently discovered and are now tracked as CVE-2025-20286, CVE-2025-20130 and CVE-2025-20129. The first is described as a static credential reuse vulnerability, found in Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud Infrastructure (OCI) cloud deployments of ISE.
It has a 9.9 / 10 (critical) severity score and arises from improper generation of credentials when ISE is deployed on cloud platforms. As a result, different Cisco ISE deployments can share the same credentials, as long as the software version and the cloud platform are the same.
Proof of concept available
Consequently, threat actors could access ISE instances deployed in other cloud environments via unsecured ports, access sensitive data, carry out limited administrative operations, modify system configurations and even disrupt various services.
The silver lining here is that the flaw can only be exploited if the Primary Administration node is deployed in the cloud. If it is on-premises, the instance is not vulnerable.
“The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory,” said Cisco.
ISE is a security policy management platform that provides secure network access and visibility for devices and users, and CCP is a collaboration platform that allows businesses to engage with their customers.
Here is a list of ISE deployments not vulnerable to attacks, according to Cisco’s advisory:
“– All on-premises deployments with any form factors where artifacts are installed from the Cisco Software Download Center (ISO or OVA). This includes appliances and virtual machines with different form factors.
– ISE on Azure VMware Solution (AVS)
– ISE on Google Cloud VMware Engine
– ISE on VMware Cloud in AWS
– ISE hybrid deployments with all ISE Administrator personas (Primary and Secondary Administration) on-premises with other personas in the cloud.”
Via BleepingComputer