csaf_ncscnl - ncsc-2025-0183

ncsc-2025-0183

Vulnerability from csaf_ncscnl

Published

2025-06-05 10:25

Modified

2025-06-05 10:25

Summary

Kwetsbaarheid verholpen in Cisco Identity Services Engine voor cloudplatformen

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Cisco heeft een kwetsbaarheid verholpen in Identity Services Engine (ISE) voor cloudplatformen.

Interpretaties

De kwetsbaarheid betreft een fout bij het automatisch genereren van wachtwoorden wanneer Cisco ISE op een cloudplatform wordt geïnstalleerd. Hierdoor worden in verschillende ISE-cloudomgevingen dezelfde wachtwoorden gebruikt. Een ongeauthenticeerde kwaadwillende op afstand kan hierdoor toegang krijgen tot gevoelige gegevens, beperkte beheerrechten op de ISE-omgeving bemachtigen en configuratiewijzigingen doorvoeren. De kwetsbaarheid treft ISE voor Amazon Web Services (AWS), Microsoft Azure en Oracle Cloud Infrastructure (OCI). De kwetsbaarheid doet zich alleen voor wanneer de Primary Administration-node in de cloudomgeving is geïnstalleerd. Omgevingen waar de Primary Administration-node on-premise draait, zijn niet kwetsbaar. Daarnaast zijn enkele specifieke cloudimplementaties niet kwetsbaar. Zie de bijgevoegde referentie voor meer informatie.

Oplossingen

Cisco heeft hotfixes uitgebracht waarmee de kwetsbaarheid wordt verholpen. Zie de bijgevoegde referentie voor meer informatie.

Kans

medium

Schade

high

CWE-259

Use of Hard-coded Password

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Cisco heeft een kwetsbaarheid verholpen in Identity Services Engine (ISE) voor cloudplatformen.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheid betreft een fout bij het automatisch genereren van wachtwoorden wanneer Cisco ISE op een cloudplatform wordt ge\u00efnstalleerd. Hierdoor worden in verschillende ISE-cloudomgevingen dezelfde wachtwoorden gebruikt. Een ongeauthenticeerde kwaadwillende op afstand kan hierdoor toegang krijgen tot gevoelige gegevens, beperkte beheerrechten op de ISE-omgeving bemachtigen en configuratiewijzigingen doorvoeren.\n\nDe kwetsbaarheid treft ISE voor Amazon Web Services (AWS), Microsoft Azure en Oracle Cloud Infrastructure (OCI). De kwetsbaarheid doet zich alleen voor wanneer de Primary Administration-node in de cloudomgeving is ge\u00efnstalleerd. Omgevingen waar de Primary Administration-node on-premise draait, zijn niet kwetsbaar. Daarnaast zijn enkele specifieke cloudimplementaties niet kwetsbaar. Zie de bijgevoegde referentie voor meer informatie.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Cisco heeft hotfixes uitgebracht waarmee de kwetsbaarheid wordt verholpen. Zie de bijgevoegde referentie voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Password",
        "title": "CWE-259"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - certbundde; cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7"
      }
    ],
    "title": "Kwetsbaarheid verholpen in Cisco Identity Services Engine voor cloudplatformen",
    "tracking": {
      "current_release_date": "2025-06-05T10:25:46.291683Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0183",
      "initial_release_date": "2025-06-05T10:25:46.291683Z",
      "revision_history": [
        {
          "date": "2025-06-05T10:25:46.291683Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/3.1.0",
                "product": {
                  "name": "vers:unknown/3.1.0",
                  "product_id": "CSAFPID-1347107"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/3.2.0",
                "product": {
                  "name": "vers:unknown/3.2.0",
                  "product_id": "CSAFPID-1347111"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/3.3.0",
                "product": {
                  "name": "vers:unknown/3.3.0",
                  "product_id": "CSAFPID-2857197"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/3.4.0",
                "product": {
                  "name": "vers:unknown/3.4.0",
                  "product_id": "CSAFPID-2857166"
                }
              }
            ],
            "category": "product_name",
            "name": "Cisco Identity Services Engine Software"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20286",
      "cwe": {
        "id": "CWE-259",
        "name": "Use of Hard-coded Password"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Hard-coded Password",
          "title": "CWE-259"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1347107",
          "CSAFPID-1347111",
          "CSAFPID-2857197",
          "CSAFPID-2857166"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20286",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20286.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1347107",
            "CSAFPID-1347111",
            "CSAFPID-2857197",
            "CSAFPID-2857166"
          ]
        }
      ],
      "title": "CVE-2025-20286"
    }
  ]
}

CVE-2025-20286 (GCVE-0-2025-20286)

Vulnerability from cvelistv5

Published

2025-06-04 16:18

Modified

2025-06-05 18:08

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

CWE

CWE-259 - Use of Hard-coded Password

Summary

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Identity Services Engine Software	Version: 3.1.0 Version: 3.1.0 p1 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.2.0 Version: 3.1.0 p4 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.2.0 p7 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.1.0 p10 Version: 3.3 Patch 5

Show details on NVD website