Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities

SecurityVulns
Yanac

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to issue commands on the underlying operating system as the <em>root </em>user and allow IP access filters to be bypassed.<br><br>
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.<br><br>
For more information about these vulnerabilities, see the <a href=”https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO?vs_f=Cisco Security Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities%26vs_k=1#details”>Details</a> section of this advisory.<br><br>
This advisory is available at the following link:<br><a href=”https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO”>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO</a><br><br>

<br/>Security Impact Rating: Medium

<br/>CVE: CVE-2025-20283,CVE-2025-20284,CVE-2025-20285Cisco Security AdvisoryRead More