CyberSecurity news

FlagThis - #Cisco

@sec.cloudapps.cisco.com //
Cisco is urging immediate action following the discovery of a critical vulnerability, CVE-2025-20309, in its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The flaw stems from hardcoded SSH root credentials that cannot be modified or removed, potentially allowing remote attackers to gain root-level access to affected systems. The vulnerability carries the maximum severity rating, a CVSS score of 10.0, reflecting how little effort exploitation requires and how severe its consequences are.

Cisco's security advisory specifies that all Engineering Special (ES) releases from 15.0.1.13010-1 through 15.0.1.13017-1 are vulnerable, regardless of optional features in use. An unauthenticated remote attacker can exploit this vulnerability by utilizing the static root account credentials to establish SSH connections to vulnerable systems. Once authenticated, the attacker gains complete administrative control over the affected device, enabling the execution of arbitrary commands with root privileges.

There are no workarounds that mitigate this risk. To remediate the vulnerability, administrators are advised to upgrade to version 15SU3 or apply the CSCwp27755 patch. Although Cisco discovered the flaw through internal testing and has found no evidence of active exploitation in the wild, the extreme severity necessitates immediate action to safeguard enterprise communications.

References :
  • MeatMutts: Cisco Urges Immediate Action After Discovering Backdoor in Unified Communications Manager
  • infosec.exchange: Unified Communications Manager systems could allow remote attackers to gain root-level access. The vulnerability CVE-2025-20309, with a maximum CVSS 10.0, stems from hardcoded SSH root credentials that cannot be modified or removed.
  • Rescana: Critical Cisco Unified CM Vulnerability: Root Access via Static Credentials – Technical Analysis & Mitigation Strategies
  • cybersecuritynews.com: Unified Communications Manager systems could allow remote attackers to gain root-level access. The vulnerability CVE-2025-20309, with a maximum CVSS 10.0, stems from hardcoded SSH root credentials that cannot be modified or removed.
  • hackread.com: Cisco Issues Emergency Fix for Critical Root Credential Flaw in Unified CM
  • thecyberexpress.com: Cisco Issues Urgent Patch for Critical Unified CM Vulnerability (CVE-2025-20309)
  • Arctic Wolf: CVE-2025-20309: Cisco Unified Communications Manager Static SSH Credentials Maximum Severity Vulnerability
  • arcticwolf.com: CVE-2025-20309: Cisco Unified Communications Manager Static SSH Credentials Maximum Severity Vulnerability
  • sec.cloudapps.cisco.com: Security advisory from Cisco addressing the vulnerability.
  • The Register - Security: Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform
  • nvd.nist.gov: Details of the Cisco vulnerability CVE-2025-20309.
Classification:
  • HashTags: #Cisco #Vulnerability #UnifiedCM
  • Company: Cisco
  • Target: Cisco Unified CM
  • Product: Unified CM
  • Feature: Hardcoded Credentials
  • Malware: CVE-2025-20309
  • Type: Vulnerability
  • Severity: Disaster
sjvn01@Practical Technology //
Cisco is making significant strides in integrating artificial intelligence into its networking and data center solutions. It is releasing a range of new products and updates that leverage AI to enhance security and automate network tasks, with a focus on supporting AI adoption for enterprise IT. These new "AgenticOps" tools will enable the orchestration of AI agents with a high degree of autonomy within enterprise environments, aiming to streamline complex system management. Cisco's strategy includes a focus on secure network architectures and AI-driven policies to combat emerging threats, including rogue AI agents.

The networking giant is also strengthening its data center strategy through an expanded partnership with NVIDIA. This collaboration is designed to establish a new standard for secure, scalable, and high-performance enterprise AI. The Cisco AI Defense and Hypershield security solutions utilize NVIDIA AI to deliver enhanced visibility, validation, and runtime protection across AI workflows. This partnership builds upon the Cisco Secure AI Factory with NVIDIA, aiming to provide continuous monitoring and protection throughout the AI lifecycle, from data ingestion to model deployment.

Furthermore, Cisco is enhancing AI networking performance to meet the demands of data-intensive AI workloads. This includes Cisco Intelligent Packet Flow, which dynamically steers traffic using real-time telemetry, and NVIDIA Spectrum-X, an AI-optimized Ethernet platform that delivers high-throughput and low-latency connectivity. By offering end-to-end visibility and unified monitoring across networks and GPUs, Cisco and NVIDIA are enabling enterprises to maintain zero-trust security across distributed AI environments, regardless of where data and workloads are located.

References :
  • Practical Technology: Serious about running your own AI infrastructure? Consider Cisco’s latest offerings.
  • WhatIs: The networking giant released a slew of products leveraging the capabilities of last year's Splunk acquisition and touting a focus on AI adoption support.
  • Latest news: AgenticOps tools are a way to 'orchestrate' agents that will have a high degree of autonomy in the enterprise campus.
  • blogs.nvidia.com: Cisco and NVIDIA are helping set a new standard for secure, scalable and high-performance enterprise AI.
Classification:
  • HashTags: #AINetworking #DataCenter #Cybersecurity
  • Company: Cisco
  • Target: Enterprises
  • Product: Networking Products
  • Feature: AI Integration
  • Type: ProductUpdate
  • Severity: Informative
TIGR Threat@Security Risk Advisors //
Cisco has issued a critical security advisory regarding a vulnerability, CVE-2025-20286, in its Identity Services Engine (ISE) when deployed on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). This static credential flaw enables unauthenticated remote attackers to potentially access sensitive data, perform limited administrative actions, modify system configurations, or disrupt services. The vulnerability stems from improperly generated credentials during cloud deployments: all ISE deployments on the same software release and the same cloud platform end up sharing the same static credentials.

Exploitation of CVE-2025-20286 could allow attackers to extract user credentials from a compromised Cisco ISE cloud deployment and utilize them to access other ISE instances in different cloud environments via unsecured ports. This could lead to unauthorized access to sensitive data, execution of limited administrative operations, changes to system configurations, or service disruptions. Cisco's Product Security Incident Response Team (PSIRT) has confirmed the existence of a proof-of-concept (PoC) exploit for this vulnerability, though there is no evidence of active exploitation in the wild.

The vulnerability impacts specific versions of Cisco ISE, affecting versions 3.1, 3.2, 3.3, and 3.4 on AWS, and versions 3.2, 3.3, and 3.4 on Azure and OCI. Cisco emphasizes that this vulnerability only affects deployments where the Primary Administration node is hosted in the cloud; on-premises deployments are not affected. While there are no official workarounds, Cisco recommends restricting traffic to authorized administrators or using the "application reset-config ise" command to reset user passwords. The company has released security patches to address the flaw and urges users to update their systems promptly.

References :
  • Cyber Security News: Cisco Alerts on ISE Vulnerability Exposing Sensitive Data with Available PoC Exploit
  • Security Affairs: Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions.
  • The Hacker News: Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems.
  • Security Risk Advisors: Static credential flaw (CVE-2025-20286) in #Cisco ISE cloud deployments enables unauthorized access across AWS, Azure, and OCI.
  • SOC Prime Blog: A critical vulnerability in Cisco’s Identity Services Engine (ISE) enables unauthenticated remote attackers to retrieve sensitive information and perform administrative actions across various cloud environments upon exploitation.
  • Arctic Wolf: CVE-2025-20286: PoC Available for Critical Cisco Identity Services Engine Static Credential Vulnerability
  • arcticwolf.com: On 4 June 2025, Cisco released fixes for multiple vulnerabilities, several of which were noted to have publicly available proof-of-concept (PoC) exploit code. The most severe issue, CVE-2025-20286, affects cloud deployments of Cisco Identity Services Engine (ISE) on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI).
  • sec.cloudapps.cisco.com: Static credential flaw (CVE-2025-20286) in #Cisco ISE cloud deployments enables unauthorized access across AWS, Azure, and OCI.
  • socprime.com: A critical vulnerability in Cisco’s Identity Services Engine (ISE) enables unauthenticated remote attackers to retrieve sensitive information and perform administrative actions across various cloud environments upon exploitation.
  • www.techradar.com: Cisco warns over worrying security flaws in ISE affecting AWS, Azure cloud deployments - here's what you need to know
  • arcticwolf.com: CVE-2025-20286: PoC Available for Critical Cisco Identity Services Engine Static Credential Vulnerability
  • www.itpro.com: Cisco patches critical flaw affecting Identity Services Engine
  • Blog: How to find Cisco Identity Services Engine (ISE) installations
  • www.scworld.com: Cisco patches Identity Services Engine flaw affecting AWS, Azure, OCI
Classification:
  • HashTags: #CiscoISE #CloudSecurity #Vulnerability
  • Company: Cisco
  • Target: Cloud deployments on AWS, Azure, OCI
  • Product: ISE
  • Feature: Authentication Bypass
  • Malware: CVE-2025-20286
  • Type: Vulnerability
  • Severity: Critical