Security News > 2025 > February > Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
2025-02-06 07:40

Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote


News URL

https://thehackernews.com/2025/02/cisco-patches-critical-ise.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-02-05 CVE-2025-20124 Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software.
network
low complexity
cisco CWE-502
7.2
7.2

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2048 21 1790 1683 288 3782