Cisco has released security fixes for multiple vulnerabilities across its product line, including a critical flaw affecting cloud deployments of the Identity Services Engine (ISE). Attackers could exploit this vulnerability to access sensitive data and disrupt services, with proof-of-concept code already available. #CVE-2025-20286 #ISE #CiscoVulnerabilities
Keypoints
- Cisco fixed a critical vulnerability (CVE-2025-20286) in ISE affecting cloud deployments on AWS, Azure, and OCI.
- The flaw allows attackers to access multiple ISE instances using shared credentials, leading to potential data breaches and service disruption.
- Two high-severity issues relate to SSH connectivity flaws in Cisco UCS servers and Nexus Data Center Network Fabric Control (NDFC).
- Additional medium-severity vulnerabilities impact Ciscoβs Unified Communications, Contact Center, and other products, which could allow remote command execution or data disclosure.
- Cisco recommends immediate updates to affected devices, as no workarounds are available for the critical ISE vulnerability.
Views: 24