Article Details
Scrape Timestamp (UTC): 2025-02-06 07:45:49.636
Source: https://thehackernews.com/2025/02/cisco-patches-critical-ise.html
Original Article Text
Click to Toggle View
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc. Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - An attacker could weaponize either of the flaws by sending a crafted serialized Java object or an HTTP request to an unspecified API endpoint, leading to privilege escalation and code execution. Cisco said the two vulnerabilities are not dependent on one another and that there are no workarounds to mitigate them. They have been addressed in the below versions - Deloitte security researchers Dan Marin and Sebastian Radulea have been credited with discovering and repairing the vulnerabilities. While the networking equipment major said it's not aware of any malicious exploitation of the flaws, users are advised to keep their systems up-to-date for optimal protection.
Daily Brief Summary
Cisco has released updates for two critical vulnerabilities in its Identity Services Engine (ISE).
The flaws allow remote attackers to execute arbitrary commands and elevate privileges on affected devices.
Attackers can exploit these vulnerabilities by sending a crafted serialized Java object or an HTTP request to a specific API endpoint.
The vulnerabilities do not rely on each other, and there are no alternative mitigations aside from updating.
Deloitte security experts, Dan Marin and Sebastian Radulea, identified and helped remedy these vulnerabilities.
Cisco has patched the issues in recent versions and urges users to update their systems to prevent potential exploits.
No instances of malicious exploitation have been reported, but users are strongly advised to remain vigilant and maintain system updates.