Full Report
Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. [...]
Analysis Summary
# Vulnerability: Cisco ISE Arbitrary File Upload and Cisco CCP Information Disclosure
## CVE Details
- CVE ID: CVE-2025-20130 (Cisco ISE File Upload)
- CVE ID: CVE-2025-20129 (Cisco CCP Information Disclosure)
- CVSS Score: Not explicitly provided in the text; both flaws are described as having public exploit code.
- CWE: Arbitrary File Upload (for CVE-2025-20130); Information Disclosure (for CVE-2025-20129)
## Affected Systems
- Products: Cisco Identity Services Engine (ISE) and Cisco Customer Collaboration Platform (CCP, formerly Cisco SocialMiner).
- Versions: Specific vulnerable versions are not detailed in the provided text, but patches/hotfixes are released for multiple ISE deployments.
- Configurations:
  - **ISE Affected:** All ISE deployments, including standalone, High Availability (HA), nodes deployed via AVS, on Google Cloud VMware Engine, on VMware cloud in AWS, and hybrid deployments involving various Administration personas (Primary and Secondary Administration on-premises with other personas in the cloud).
## Vulnerability Description
**CVE-2025-20130 (Cisco ISE):** An arbitrary file upload vulnerability exists in Cisco ISE. Successful exploitation could allow a remote, unauthenticated attacker to upload arbitrary files to the system.
**CVE-2025-20129 (Cisco CCP):** An information disclosure vulnerability exists in the Cisco Customer Collaboration Platform. Successful exploitation could allow an attacker to read sensitive information.
*(Note: A previously disclosed related flaw, a command injection vulnerability, allowed privilege escalation to root on unpatched systems.)*
## Exploitation
- Status: **PoC available** (stated for both new flaws as "flaws with public exploit code").
- Complexity: Likely Low/Medium given the existence of public exploit code for file upload and information disclosure.
- Attack Vector: Unspecified, but file uploads often require network access to a web interface.
## Impact
| Vulnerability | Confidentiality | Integrity | Availability |
| :--- | :--- | :--- | :--- |
| CVE-2025-20130 (ISE File Upload) | Potential High (if uploaded file leads to code execution) | High (arbitrary file modification/replacement) | Potential High (system compromise) |
| CVE-2025-20129 (CCP Info Disclosure) | Potential Medium/High (sensitive data exposure) | Low | Low |
## Remediation
### Patches
- Cisco has released **hotfixes/patches** addressing these vulnerabilities for various Cisco ISE deployments. Administrators should consult the official Cisco Security Advisories for specific product/version patching details.
### Workarounds
- For administrators who are awaiting hotfixes or cannot apply them immediately, Cisco advises running the command `application reset-config ise` on the **Primary Administration persona cloud node**.
- **CAUTION:** This workaround will **reset Cisco ISE to the factory configuration**. Restoring backups after using this command will revert the credentials to the original ones.
## Detection
- Detection specifics (IOCs) are not detailed in this summary source. If patching cannot be applied immediately, monitor network traffic to ISE/CCP services for unexpected uploads or access patterns.
## References
- Cisco Security Advisory (CVE-2025-20130): `https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-P4M8vwXY`
- Cisco Security Advisory (CVE-2025-20129): `https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd`