How to fix CVE-2025-20286?

Within 24 hours: Inventory all Cisco ISE cloud deployments across AWS, Azure, and OCI; restrict network access to ISE management ports (22, 443) to authorized IP ranges only; enable comprehensive logging of ISE administrative access. Within 7 days: Rotate all ISE administrative credentials and service account passwords; review ISE access logs for unauthorized login attempts; implement network segmentation to isolate ISE from untrusted networks. Within 30 days: Engage Cisco support for interim security recommendations; evaluate migration to on-premises ISE or alternative identity platforms if available; conduct full security audit of all systems accessed through compromised ISE instances.

Is Azure affected by CVE-2025-20286?

All Cisco Identity Services Engine (ISE) deployments on AWS, Azure, and OCI are at critical risk due to shared default credentials across cloud instances, allowing unauthenticated attackers to gain administrative access and compromise sensitive authentication data.

CVE-2025-20286

EUVD-2025-16883 CRITICAL

2025-06-04 [email protected]

9.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:29 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:29 euvd

EUVD-2025-16883

CVE Published

Jun 04, 2025 - 17:15 nvd

CRITICAL 9.9

Description

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.

Analysis

Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.

Technical Context

CWE-259 use of hard-coded password.

Affected Products

['Cisco ISE on AWS/Azure/OCI']

Remediation

Change default credentials immediately.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +50

POC: 0

CVE-2025-20286 vulnerability details – vuln.today

Back

CVE-2025-20286

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-20286

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code