Cisco has released critical patches for three vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP), with CVE-2025-20286 being the most severe. This vulnerability arises from improperly generated credentials in cloud deployments, allowing unauthorized access across different instances sharing the same credentials. Cisco emphasizes that immediate patching is crucial as there are no workable alternatives for this flaw. The other two vulnerabilities, with CVSS scores of 4.9, pose less risk but also require attention from users.
"An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports."
"These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same," the company said.
Collection
[
|
...
]