Cisco Identity Services Engine
cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*
- 3.1
- 3.2
- 3.3
- 3.4
A vulnerability exists in Cisco Identity Services Engine (ISE) deployments on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). This vulnerability allows an unauthenticated, remote attacker to access sensitive data, perform limited administrative tasks, modify system configurations, or disrupt services. The issue arises because credentials are improperly generated during deployment, leading to different ISE instances sharing the same credentials. An attacker could exploit this by extracting credentials from one ISE deployment and using them to access another deployment in a different cloud environment through unsecured ports. This vulnerability affects Cisco ISE only when the Primary Administration node is deployed in the cloud.
Exploitation of this vulnerability could lead to unauthorized access to sensitive data, limited administrative actions, unauthorized modifications to system configurations, or service disruptions within the affected Cisco ISE deployment.
Cisco has released software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. For customers without service contracts, upgrades can be requested from the Cisco Technical Assistance Center (TAC).