Critical Cisco ISE Vulnerabilities Allow Remote Code Execution 

Critical Cisco ISE Vulnerabilities Allow Remote Code Execution 

Posted on By CWS

Cisco on Wednesday introduced patches for 2 critical-severity vulnerabilities in Identification Companies Engine (ISE) and Cisco ISE Passive Identification Connector (ISE-PIC) that would result in distant code execution (RCE).

Exploitable with out authentication, the 2 flaws are tracked as CVE-2025-20281 and CVE-2025-20282 and have the utmost severity rating of 10/10. Each impression particular APIs inside the affected merchandise.

CVE-2025-20281 exists as a result of user-supplied enter is insufficiently validated, permitting distant, unauthenticated attackers to submit crafted API requests and execute arbitrary code with root privileges.

CVE-2025-20282 exists as a result of an absence of file validation checks permits attackers to position arbitrary recordsdata in privileged directories on a weak system.

“An attacker might exploit this vulnerability by importing a crafted file to the affected gadget. A profitable exploit might enable the attacker to retailer malicious recordsdata on the affected system after which execute arbitrary code or get hold of root privileges on the system,” Cisco explains in its advisory.

The bugs usually are not depending on each other, and the exploitation of both of them doesn’t require that the opposite is exploited. Moreover, Cisco says, software program variations affected by one flaw will not be impacted by the opposite.

CVE-2025-20281 impacts ISE and ISE-PIC releases 3.3 and later, and was fastened in ISE and ISE-PIC variations 3.3 patch 6 and three.4 patch 2. CVE-2025-20282 solely impacts ISE and ISE-PIC launch 3.4, no matter gadget configuration, and was addressed in ISE and ISE-PIC 3.4 patch 2.

Given the essential severity of each vulnerabilities, customers are suggested to use the obtainable patches as quickly as attainable.Commercial. Scroll to proceed studying.

On Wednesday, Cisco additionally introduced fixes for a medium-severity ISE flaw that would enable distant attackers to bypass authorization mechanisms and modify particular system settings, together with some resulting in a system restart.

Cisco says it’s not conscious of any of those vulnerabilities being exploited within the wild. Further info will be discovered on the corporate’s safety advisories web page.

Associated: Excessive-Severity Vulnerabilities Patched by Cisco, Atlassian

Associated: Cisco Patches Vital ISE Vulnerability With Public PoC

Associated: Technical Particulars Printed for Vital Cisco IOS XE Vulnerability

Security Week News Tags:, , , , , ,

Related Posts

India Rolls Back Order to Preinstall Cybersecurity App on Smartphones India Rolls Back Order to Preinstall Cybersecurity App on Smartphones Security Week News
Firebase, Google Apps Script Abused in Fresh Phishing Campaigns Firebase, Google Apps Script Abused in Fresh Phishing Campaigns Security Week News
US Sanctions Myanmar Militia Involved in Cyber Scams  US Sanctions Myanmar Militia Involved in Cyber Scams  Security Week News
CISO Communities – Cybersecurity’s Secret Weapon CISO Communities – Cybersecurity’s Secret Weapon Security Week News
Gambit Cyber Raises .4 Million in Seed Funding Gambit Cyber Raises $3.4 Million in Seed Funding Security Week News
Critical Security Updates Released by Cisco and F5 Critical Security Updates Released by Cisco and F5 Security Week News