What is the CVSS score of CVE-2025-20286?

CVE-2025-20286 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H. EPSS exploitation probability: 0.1%.

Which versions of AWS are affected by CVE-2025-20286?

All Cisco Identity Services Engine (ISE) deployments on AWS, Azure, and OCI are at critical risk due to shared default credentials across cloud instances, allowing unauthenticated attackers to gain…

How to fix or mitigate CVE-2025-20286?

Within 24 hours: Inventory all Cisco ISE cloud deployments across AWS, Azure, and OCI; restrict network access to ISE management ports (22, 443) to authorized IP ranges only; enable comprehensive logging of ISE administrative access. Within 7 days: Rotate all ISE administrative credentials and service account passwords; review ISE access logs for unauthorized login attempts; implement network segmentation to isolate ISE from untrusted networks. Within 30 days: Engage Cisco support for interim security recommendations; evaluate migration to on-premises ISE or alternative identity platforms if available; conduct full security audit of all systems accessed through compromised ISE instances.

AWS CVE-2025-20286

EUVD-2025-16883 CRITICAL

Use of Hard-coded Password (CWE-259)

2025-06-04 psirt@cisco.com

Authentication Bypass Information Disclosure AWS Cisco Azure Oracle Identity Services Engine

9.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:29 euvd

EUVD-2025-16883

Analysis Generated

Mar 14, 2026 - 17:29 vuln.today

CVE Published

Jun 04, 2025 - 17:15 nvd

CRITICAL 9.9

DescriptionNVD

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.

This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.