- Cisco patches three vulnerabilities in its ISE and CCP tools
- One of the three has a 9.9/10 severity
- Some ISE deployments are not vulnerable
Cisco has patched three vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) tools, including a critical-severity flaw that has a public proof-of-concept (PoC) exploit.
The three recently discovered vulnerabilities are now tracked as CVE-2025-20286, CVE-2025-20130 and CVE-2025-20129. The first is described as a static credential reuse vulnerability found in Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud Infrastructure (OCI) cloud deployments of ISE.
It has a severity of 9.9/10 (critical) and stems from improper generation of credentials when ISE is deployed on cloud platforms. As a result, different Cisco ISE deployments can share the same credentials as long as the software release and the cloud platform are the same.
Proof of concept available
As a result, threat actors could access ISE instances deployed in other cloud environments through unsecured ports, access sensitive data, perform limited administrative operations, change system configurations and even disrupt services.
The silver lining here is that the flaw can only be exploited if the Primary Administration node is deployed in the cloud. If it is on-premises, the instance is not vulnerable.
“Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory,” Cisco said.
ISE is a security policy management platform that provides secure network access control and visibility for devices and users, and CCP is a collaboration platform that allows companies to engage with their customers.
Here is a list of ISE deployments that are not vulnerable to attacks, according to Cisco’s advisory:
- “All on-premises deployments with any form factors where artifacts are installed from Cisco Software Download Center (ISO or OVA). This includes appliances and virtual machines with different form factors.
- ISE on Azure VMware Solution (AVS)
- ISE on Google Cloud VMware Engine
- ISE on VMware Cloud in AWS
- ISE hybrid deployments with all ISE Administrator personas (Primary and Secondary Administration) on-premises with other personas in the cloud.”
Via BleepingComputer



