Cisco has released software updates for its Identity Service Engine (ISE). The updates address a critical severity vulnerability in the ISE product. Cisco Identity Services Engine (ISE) is a context-aware policy service to control access and threats across wired, wireless, and VPN networks.
CVE-2025-20286 has a CVSSv3 score of 9.9 and is a “use of hard-coded password” vulnerability. An attacker could exploit this vulnerability to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Linux dodges serious Wi-Fi security exploits
October 17, 2022
You may recall that Linus Torvalds recently added support for Rust in the Linux kernel. One of the big reasons for adding Rust was to put an end to Linux code memory problems. It can’t come soon enough. Recently, five serious Linux Wi-Fi security holes were uncovered. What did they all have in common? Go ahead, guess? ...
- Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
October 13, 2022
On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary files to up-to-date servers. At the moment, Zimbra has released a patch ...
- Fortinet warns admins to patch critical authentication bypass bug immediately
October 7, 2022
Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability. The security flaw (tracked as CVE-2022-40684) is an authentication bypass on the administrative interface that could allow remote threat actors to log into unpatched devices. “An authentication bypass using an alternate path or channel ...
- CISA Releases Three Industrial Control Systems Advisories
October 7, 2022
CISA has released three Industrial Control Systems (ICS) advisories on October 11, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-284-01 Altair HyperView Player ICSA-22-284-02 Daikin SVMPC1 and SVMPC2 ICSA-22-284-03 Sensormatic Electronics C-CURE 9000 Read more… Source: ...
- Microsoft Exchange server zero-day mitigation can be bypassed
October 3, 2022
Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. Threat actors are already chaining both of these zero-day bugs in active attacks to breach Microsoft Exchange servers and achieve remote code execution. Both security flaws were reported ...
- Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
October 1, 2022
Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. Microsoft also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance. Microsoft is aware of limited targeted attacks using two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, ...