Cisco has released software updates for its Identity Service Engine (ISE). The updates address a critical severity vulnerability in the ISE product. Cisco Identity Services Engine (ISE) is a context-aware policy service to control access and threats across wired, wireless, and VPN networks.
CVE-2025-20286 has a CVSSv3 score of 9.9 and is a “use of hard-coded password” vulnerability. An attacker could exploit this vulnerability to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Microsoft informs customers of ‘NotLegit’ Azure bug
December 23, 2021
Microsoft’s Security Response Center has released a blog post explaining its response to the “NotLegit” bug in Azure that was discovered by cloud security company Wiz. Wiz said all PHP, Node, Ruby, and Python applications that were deployed using “Local Git” on a clean default application in Azure App Service since September 2017 are affected. They ...
- Apple fixes macOS security flaw behind Gatekeeper bypass
December 23, 2021
Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems. If they circumvent automated notarization security checks (which scans for malicious components and code-signing issues), the applications are allowed to launch by Gatekeeper, a macOS security feature designed to verify ...
- Microsoft Teams bug allowing phishing unpatched since March
December 22, 2021
Microsoft said it won’t fix or is delaying patches for several security flaws impacting Microsoft Teams’ link preview feature reported since March 2021. German IT security consultancy firm Positive Security’s co-founder Fabian Bräunlein discovered four vulnerabilities leading to Server-Side Request Forgery (SSRF), URL preview spoofing, IP address leak (Android), and denial of service (DoS) dubbed Message ...
- What to Do About Log4j
December 21, 2021
Log4j poses some deep challenges to IT. In this article I’ll discuss some tactical measures people are already taking now and over the next week or two, and some strategic guidance for what to do after the immediate crisis abates. The Problem Log4j is a very useful tool incorporated in much Java code. There are so many ...
- FBI: APT Actors Exploiting Newly-Identified Zero Day in ManageEngine Desktop Central
December 20, 2021
Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers. The APT actors were observed compromising Desktop Central servers, dropping a webshell that overrides a legitimate function of Desktop Central, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting ...
- How and why do we attack our own Anti-Spam?
December 20, 2021
We often use machine-learning (ML) technologies to improve the quality of cybersecurity systems. But machine-learning models can be susceptible to attacks that aim to “fool” them into delivering erroneous results. This can lead to significant damage to both our company and our clients. Therefore, it is vital that we know about all potential vulnerabilities in ...