Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

2025-02-06 07:40

Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote

News URL

https://thehackernews.com/2025/02/cisco-patches-critical-ise.html

#cisco #critical #root #vulnerabilities #CVE-2025-20124

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-05	CVE-2025-20124	A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. network low complexity CWE-502 critical	9.9

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		2047	21	1773	1670	288	3752

News URL

Related news

Related Vulnerability

Related vendor