Cisco has released software updates for its Identity Service Engine (ISE). The updates address a critical severity vulnerability in the ISE product. Cisco Identity Services Engine (ISE) is a context-aware policy service to control access and threats across wired, wireless, and VPN networks.
CVE-2025-20286 has a CVSSv3 score of 9.9 and is a “use of hard-coded password” vulnerability. An attacker could exploit this vulnerability to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Apple rushes to block ‘zero-click’ iPhone spyware
September 14, 2021
Apple has issued a software patch to block so-called “zero-click” spyware that could infect iPhones and iPads. Independent researchers identified the flaw, which lets hackers access devices through the iMessage service even if users do not click on a link or file. The problem affects all of the technology giant’s operating systems, the researchers said. Read more… Source: BBC ...
- Windows MSHTML zero-day exploits shared on hacking forums
September 12, 2021
Threat actors are sharing Windows MSHTML zero-day (CVE-2021-40444) tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a ...
- Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
September 9, 2021
Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger. It should be noted that by default, Office documents downloaded from the internet are opened either ...
- Miscreants fling booby-trapped Office files at victims, no patch yet, says Microsoft
September 7, 2021
In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines. The vulnerability, CVE-2021-40444, is described as a hole in MSHTML, Internet Explorer’s browser engine. Miscreants are seemingly placing a malicious ActiveX control in an Office document and convincing ...
- Netgear Smart Switches Open to Complete Takeover
September 7, 2021
Three severe Netgear vulnerabilities, codenamed Demon’s Cries, Draconian Fear and Seventh Inferno by the researcher that found them, affect 20 of the company’s managed smart switches and could allow an attacker to take them over. The bugs were patched on Friday with zero technical details made available, but the researcher has now released more details on ...
- Threat Brief: CVE-2021-26084
September 3, 2021
On Aug. 25, 2021, Atlassian released a security advisory for an injection vulnerability in Confluence Server and Data Center, CVE-2021-26084. If the vulnerability is exploited, threat actors could bypass authentication and run arbitrary code on unpatched systems. Since the release of this advisory, mass scanning activity has started to occur, seeking unpatched systems, and in-the-wild ...