Cisco Patches Critical Vulnerabilities in Identity Services Engine Allowing Full Device Takeover

Source: TheRegister

Two critical vulnerabilities have been patched in Cisco's Identity Services Engine (ISE) that could allow an authenticated remote attacker to execute arbitrary commands as root, access sensitive information, modify configurations, and reload affected devices. Exploitation requires valid read-only administrative credentials, but the flaws highlight the risk posed by compromised credentials in ransomware attacks and insider threats. Both bugs affect Cisco ISE and Cisco ISE Passive Identity Connector (ISE-PIC) versions 3.0 to 3.3, and patches are available.

One gives root access, the other lets you steal info and reconfig nodes, in the right circumstances

Cisco has fixed two critical vulnerabilities in its Identity Services Engine that could allow an authenticated remote attacker to execute arbitrary commands as root or access sensitive information, modify configurations, and reload affected devices.

Both bugs affect Cisco ISE and Cisco ISE Passive Identity Connector versions 3.0 to 3.3, regardless of device configuration, and both have patches available to apply. Version 3.4 is not vulnerable to either flaw; folks using earlier affected versions are advised to upgrade to a fixed release as detailed in the advisory.

The first flaw, CVE-2025-20124, stems from the insecure deserialization of user-supplied Java byte streams in Cisco ISE, which is network access control software that enforces security policies and manages endpoints across enterprises' IT environments.
