Patch now! Attacks on Cisco Identity Services Engine may be imminent
Exploit code for vulnerabilities in Cisco Identity Services Engine and Customer Collaboration Platform is in circulation. Updates are available.
(Image: heise online)
Network equipment supplier Cisco warns of possible attacks on Identity Services Engine (ISE) and Customer Collaboration Platform (CCP). There are also security updates for other products.
Not all patches available yet
According to a warning message, ISE is only vulnerable in the context of Amazon Web Services, Microsoft Azure and Oracle Cloud Infrastructure if the primary admin node is provided in the cloud. On-premises instances are not vulnerable.
If these requirements are met, remote attackers should be able to exploit the “critical” vulnerability (CVE-2025-20286). The security problem is that access data is not reliably randomized in this configuration so that identical login data is assigned. If attackers can extract this data, they then have access to various instances. Among other things, they can then modify system configuration data and view confidential data.
The developers assure us that they have solved the problem in ISE versions 3.3P8 and 3.4P3. Admins who are still using ISE 3.1 or 3.2 must upgrade to a higher version. The security update for 3.5 is due to follow in August 2025.
Because exploit code is in circulation, attacks may be imminent. This also applies to a vulnerability in CCP. According to an article, attackers can use crafted HTTP requests to target the vulnerability (CVE-2025-20129 “medium”) and thus leak data.
Further dangers
Attackers can also exploit vulnerabilities in Integrated Management Controller (CVE-2025-20261 “high”) and Nexus Dashboard Fabric (CVE-2025-20163 “high”), among others, to gain higher user rights.
Videos by heise
Unified Communications Products, Unified Contact Center and ThousandEyes Endpoint Agent for Windows are also vulnerable. Admins can find information on these vulnerabilities in the linked alerts.
Sorted by descending threat level:
- Identity Services Engine on Cloud Platforms
- Integrated Management Controller
- Nexus Dashboard Fabric Controller
- Unified Intelligent Contact Management Enterpris
- Unified Communications Products
- Unified Contact Center Express
- Unified Contact Center Express Editor
- ThousandEyes Endpoint Agent for Windows
- Identity Services Engine
- Customer Collaboration Platform
(des)
