Cisco Releases Security Advisory Affecting Cisco Identity Service Engine


Cisco has released a security advisory addressing two vulnerabilities, affecting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) .

  • CVE-2025-20281 Cisco ISE API Unauthenticated Remote Code Execution Vulnerability CVE-2025-20281 is an ‘API unauthenticated remote code execution’ vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow a remote, unauthenticated attacker to send crafted API requests, leading to arbitrary code execution (ACE) on the underlying operating system with root privileges.

Read more…
Source: NHS Digital


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • CISA Releases Fourteen Industrial Control Systems Advisories

    June 15, 2023

    CISA released fourteen Industrial Control Systems (ICS) advisories on June 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-166-01 SUBNET PowerSYSTEM Center ICSA-23-166-02 Advantech WebAccessSCADA ICSA-23-166-03 Siemens SICAM Q200 Devices Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • US government agencies hit in global cyberattack

    June 15, 2023

    “Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software. The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement on ...

  • VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors

    June 13, 2023

    As Endpoint Detection and Response (EDR) solutions improve malware detection efficacy on Windows and Linux systems, certain state-sponsored threat actors have shifted to developing and deploying malware on systems that do not generally support EDR such as network appliances, SAN arrays, and VMware ESXi hosts. In late 2022, Mandiant published details surrounding a novel malware system deployed ...

  • MOVEit Vulnerabilities: What You Need to Know

    June 12, 2023

    Extortion actors have been actively exploiting a recently patched vulnerability in MOVEit Transfer, a file-transfer application that is widely used to transmit information between organizations. The nature of the software affected means that attackers can exploit unpatched systems to mount a supply chain attack against multiple organizations. While the original vulnerability (CVE-2023-34362) was patched on May ...

  • CISA Releases Two Industrial Control Systems Advisories

    June 8, 2023

    CISA released two Industrial Control Systems (ICS) advisories on June 8, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-159-01 ​Atlas Copco Power Focus 6000 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds One Known Exploited Vulnerability to Catalog   

  • #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability

    June 7, 2023

    CISA and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This joint guide provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate ...