#VU110217 Use of Hard-coded Password in Cisco Identity Services Engine (ISE) - CVE-2025-20286

Published: June 5, 2025


Vulnerability identifier: #VU110217
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:H/E:U/U:Amber
CVE-ID: CVE-2025-20286
CWE-ID: CWE-259
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Cisco Identity Services Engine (ISE)
Software vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper generation of credentials during the deployment of Cisco ISE on cloud platforms. A remote attacker can access sensitive data, execute limited administrative operations, modify system configurations or disrupt services within the impacted systems.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
