Redazione RHC: 18 July 2025 07:41
Several vulnerabilities have been identified in the Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) products that could allow a remote attacker to execute arbitrary commands on the underlying operating system with administrative privileges.
Cisco has already released software updates to address these vulnerabilities, and there are currently no mitigation workarounds available. A remote attacker could exploit these vulnerabilities to gain root access and execute commands on the system.
The vulnerabilities are independent of each other, meaning that exploiting one is not a prerequisite for exploiting the others. Furthermore, a given software version vulnerable to one of these vulnerabilities may not be affected by the others.
All three vulnerabilities have been classified by Cisco’s CNA with a base severity score (CVSS v3) of 10 out of 10, the highest level of criticality. This score highlights not only the severity of the potential impact, but also the relative ease with which an attacker could exploit these vulnerabilities.
Affected release trains and the first fixed release for each vulnerability:

| Cisco ISE or ISE-PIC release | CVE-2025-20281 (score 10) | CVE-2025-20282 (score 10) | CVE-2025-20337 (score 10) |
|---|---|---|---|
| 3.2 and earlier | Not vulnerable | Not vulnerable | Not vulnerable |
| 3.3 | 3.3 Patch 7 | Not vulnerable | 3.3 Patch 7 |
| 3.4 | 3.4 Patch 2 | 3.4 Patch 2 | 3.4 Patch 2 |
CVE-2025-20281 and CVE-2025-20337: Unauthenticated Remote Code Execution Vulnerabilities in Cisco ISE API
Several vulnerabilities in a specific Cisco ISE and Cisco ISE-PIC API could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. An attacker does not need valid credentials to exploit these vulnerabilities.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit them by sending a crafted API request. A successful exploit could allow the attacker to gain root privileges on an affected device.
CVE-2025-20282: Unauthenticated Remote Code Execution Vulnerability in Cisco ISE API
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root.
This vulnerability is due to a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or gain root privileges on the system.
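The missing check described for CVE-2025-20282, illustrated by an added example that is not Cisco's code and says nothing about how ISE is implemented: a generic upload handler that confines written files to its own upload directory. The upload root, filename rules and sample names are constructed for the illustration.

```python
import os
import re

# Constructed example: an upload handler that refuses to write outside its upload
# root. Not Cisco's code; the root path and the name policy are assumptions.
UPLOAD_ROOT = "/var/app/uploads"  # assumed location, constructed for the example

# Conservative allow-list: must start with a letter or digit, so "." and ".."
# never match, and no path separators are permitted at all.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


class UploadRejected(ValueError):
    """Raised when a client-supplied filename fails validation."""


def resolve_upload_path(filename: str, upload_root: str = UPLOAD_ROOT) -> str:
    """Return the canonical path an upload may be written to, or raise.

    Two independent checks model what the advisory says was missing: the name
    is restricted to a safe character set, and the resolved destination must
    still lie under the upload root after symlinks and ".." are collapsed.
    """
    if not SAFE_NAME.match(filename):
        raise UploadRejected(f"invalid filename: {filename!r}")
    root = os.path.realpath(upload_root)
    dest = os.path.realpath(os.path.join(root, filename))
    # commonpath (not startswith) also rejects sibling dirs like /var/app/uploads2
    if os.path.commonpath([root, dest]) != root:
        raise UploadRejected(f"destination escapes upload root: {dest}")
    return dest


def accepts(filename: str, upload_root: str = UPLOAD_ROOT) -> bool:
    """True if the filename would be accepted by resolve_upload_path."""
    try:
        resolve_upload_path(filename, upload_root)
        return True
    except UploadRejected:
        return False


def save_upload(filename: str, data: bytes, upload_root: str = UPLOAD_ROOT) -> str:
    """Validate, then create the file with restrictive mode and no symlink following."""
    dest = resolve_upload_path(filename, upload_root)
    nofollow = getattr(os, "O_NOFOLLOW", 0)  # not available on every platform
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps it owner-only.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL | nofollow, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest
```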