Cisco has released software updates for its Identity Service Engine (ISE). The updates address a critical severity vulnerability in the ISE product. Cisco Identity Services Engine (ISE) is a context-aware policy service to control access and threats across wired, wireless, and VPN networks.
CVE-2025-20286 has a CVSSv3 score of 9.9 and is a “use of hard-coded password” vulnerability. An attacker could exploit this vulnerability to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- CISA Adds Six Known Exploited Vulnerabilities to Catalog
October 24, 2022
CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...
- Apple fixes new zero-day used in attacks against iPhones, iPads
October 24, 2022
In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year. Apple revealed in an advisory today that it’s aware of reports saying the security flaw “may have been actively exploited.” The bug (CVE-2022-42827) is an out-of-bounds write issue reported to Apple by an ...
- Exploited Windows zero-day lets JavaScript files bypass security warnings
October 22, 2022
An update was added to the end of the article explaining that any Authenticode-signed file, including executables, can be modified to bypass warnings. A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks. Windows includes a security ...
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
October 20, 2022
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...
- CISA Releases Three Industrial Control Systems Advisories
October 20, 2022
CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-293-01 Bentley Systems MicroStation Connect ICSMA-21-294-01 B Braun Infusomat Space Large Volume Pump ...
- CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
October 19, 2022
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to reference the addition of a new Malware Analysis Report, MAR-10398871.r1.v2. CISA encourages organizations to review the latest update to AA22-228A ...