Source: The Hacker News Author: [email protected] (The Hacker News) URL: https://thehackernews.com/2025/02/cisco-patches-critical-ise.html
ONE SENTENCE SUMMARY:
Cisco has patched two critical vulnerabilities in Identity Services Engine (ISE) that could allow remote attackers to execute commands and escalate privileges.
MAIN POINTS:
- Two critical vulnerabilities (CVE-2025-20124 and CVE-2025-20125) have been identified in Cisco ISE.
- CVE-2025-20124 allows remote attackers to execute arbitrary commands as root via insecure Java deserialization.
- CVE-2025-20125 enables attackers to bypass authorization, access sensitive data, and alter node configurations.
- Both flaws can be exploited using crafted Java objects or HTTP requests targeting specific API endpoints.
- The vulnerabilities are independent of each other and have no available workarounds.
- Cisco has fixed the issues in ISE releases 3.1P10, 3.2P7, 3.3P4, and confirmed 3.4 is not vulnerable.
- Affected users should migrate to secure software versions for protection against potential exploitation.
- The vulnerabilities were discovered by Deloitte researchers Dan Marin and Sebastian Radulea.
- No known malicious exploitation of these vulnerabilities has been reported so far.
- Keeping systems up-to-date is strongly recommended for maintaining security.
TAKEAWAYS:
- Update Cisco ISE software to fixed releases (3.1P10, 3.2P7, 3.3P4, or 3.4) immediately.
- CVE-2025-20124 has a CVSS score of 9.9, indicating a highly critical threat.
- CVE-2025-20125 poses a risk of unauthorized access and configuration changes with a CVSS score of 9.1.
- No workarounds exist; direct updates are essential for mitigating these vulnerabilities.
- Continuous system updates and monitoring are crucial to defend against emerging threats.