The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting Cisco's ISE (Identity Services Engine).
Technical Details
Cisco has released new security updates to address a critical vulnerability in ISE. This vulnerability has been assigned a CVSS score of 9.9/10. A remote attacker exploiting this vulnerability can gain access to sensitive data, modify configurations or disrupt services. The vulnerability specifically affects Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine. As per Cisco, if the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.
Affected Products:
• AWS - Cisco ISE 3.1, 3.2, 3.3, and 3.4
• Azure - Cisco ISE 3.2, 3.3, and 3.4
• OCI - Cisco ISE 3.2, 3.3, and 3.4
Recommendations
The Digital Security Authority recommends upgrading affected ISE products to the corresponding latest fix release by Cisco, as shown in the table below:
| Cisco ISE Release | Hot Fix | First Fixed Release |
|---|---|---|
| 3.0 and earlier | Not applicable. | Not affected. |
| 3.1 | ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz This hot fix applies to Releases 3.1 through 3.4. | Migrate to a fixed release. |
| 3.2 | ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz This hot fix applies to Releases 3.1 through 3.4. | Migrate to a fixed release. |
| 3.3 | ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz This hot fix applies to Releases 3.1 through 3.4. | 3.3P8 (November 2025) |
| 3.4 | ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz This hot fix applies to Releases 3.1 through 3.4. | 3.4P3 (October 2025) |
| 3.5 | Not applicable. | Planned release (Aug 2025) |
References
The information presented in this report is based on available data up to the 9th of June 2025.