Latest Cyber Security News

You are here: Home / General Cyber Security News / Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
February 6, 2025

Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices.

The vulnerabilities are listed below –

  • CVE-2025-20124 (CVSS score: 9.9) – An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device.
  • CVE-2025-20125 (CVSS score: 9.1) – An authorization bypass vulnerability in an API of Cisco ISE could could permit an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node

An attacker could weaponize either of the flaws by sending a crafted serialized Java object or an HTTP request to an unspecified API endpoint, leading to privilege escalation and code execution.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Cybersecurity

Cisco said the two vulnerabilities are not dependent on one another and that there are no workarounds to mitigate them. They have been addressed in the below versions –

  • Cisco ISE software release 3.0 (Migrate to a fixed release)
  • Cisco ISE software release 3.1 (Fixed in 3.1P10)
  • Cisco ISE software release 3.2 (Fixed in 3.2P7)
  • Cisco ISE software release 3.3 (Fixed in 3.3P4)
  • Cisco ISE software release 3.4 (Not vulnerable)

Deloitte security researchers Dan Marin and Sebastian Radulea have been credited with discovering and repairing the vulnerabilities.

While the networking equipment major said it’s not aware of any malicious exploitation of the flaws, users are advised to keep their systems up-to-date for optimal protection.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *