[Vulnerability Alert] Certificate Vulnerability in Cloud-Based Cisco ISE (CVE-2025-20286)
publish date :
2025-06-10
update date :
2025-06-10
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025060608062424 | Publication Time | 2025/06/06 08:45 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/06/06 08:45 |
| Impact Level | Low | ||
| [Subject] [Vulnerability Alert] Certificate Vulnerability in Cloud-Based Cisco ISE (CVE-2025-20286) |
|||
| [Content] Forwarded from TWCERTCC-200-202506-00000001 Cisco Identity Services Engine (ISE) is an identity-based security policy management platform that collects contextual information from networks and user devices, allowing organizations to implement access policies and make regulatory decisions across network infrastructures. Cisco has recently published a critical vulnerability advisory (CVE-2025-20286, CVSS: 9.9) affecting cloud-deployed versions on AWS, Azure, and OCI. This vulnerability allows unauthenticated remote attackers to access sensitive data, perform limited administrative operations, alter system configurations, or disrupt services on affected systems. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] AWS: ISE versions 3.1, 3.2, 3.3, 3.4 Azure: ISE versions 3.2, 3.3, 3.4 OCI: ISE versions 3.2, 3.3, 3.4 |
|||
| [Recommended Actions] Please refer to Cisco’s official advisory for updates: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7 |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10164-a4b66-1.html |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center