Cisco addresses two critical severity vulnerabilities impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 & CVE-2025-20282, both vulnerabilities have a CVSS score of 10. Successful exploitation of the vulnerabilities may allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
Tag: Cisco Identity Services Engine (ISE)
Cisco Releases Fixes for Identity Services Engine (ISE) Vulnerabilities (CVE-2025-20124 & CVE-2025-20125)
Cisco Identity Services Engine (ISE) is vulnerable to two critical security flaws tracked as CVE-2025-20124 & CVE-2025-20125. Successful exploitation of the vulnerabilities may allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. An attacker must have valid read-only administrative credentials to successfully exploit the vulnerabilities.
Cisco Patches Identity Services Engine (ISE) Vulnerability with Public Exploit Code (CVE-2024-20469)
Cisco warned its customers about a security flaw impacting the Cisco Identity Services Engine (ISE), which has a publicly available exploit code. Tracked as CVE-2024-20469, the vulnerability may allow an attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. Rafal Lykowski and Alexandre Labbé of A1 Digital International … Continue reading “Cisco Patches Identity Services Engine (ISE) Vulnerability with Public Exploit Code (CVE-2024-20469)”
