Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level privileges to access sensitive information – and warned that a public, proof-of-concept exploit for the flaw exists online.
ISE is Cisco’s network access control and security policy platform, and companies use it to centrally manage and enforce security policies across users and devices. The bug, tracked as CVE-2026-20029, received a medium-severity 4.9 CVSS rating and it affects ISE and ISE-PIC, regardless of device configuration.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- DHS Announces “Hack DHS” Bug Bounty Program to Identify Potential Cybersecurity Vulnerabilities
December 14, 2021
WASHINGTON – Today, the Department of Homeland Security (DHS) announced the launch of “Hack DHS,” a bug bounty program to identify potential cybersecurity vulnerabilities within certain DHS systems and increase the Department’s cybersecurity resilience. Through Hack DHS, vetted cybersecurity researchers who have been invited to access select external DHS systems (“hackers”) will identify vulnerabilities (“bugs”) ...
- Second Log4j vulnerability CVE 2021-45046 discovered, patch already released
December 14, 2021
A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE 2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was “incomplete in certain non-default configurations.” “This could allow attackers… to craft malicious input data using a JNDI ...
- CISA Issues Apache Log4j Vulnerability Guidance
December 14, 2021
CISA and its partners, through the Joint Cyber Defense Collaborative, are responding to active, widespread exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1, known as “Log4Shell” and “Logjam.” Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as ...
- Log4j flaw: Nearly half of corporate networks have been targeted by attackers trying to use this vulnerability
December 14, 2021
The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow. The vulnerability (CVE-2021-44228) was publicly disclosed on December 9 and enables remote code execution and access to servers. What makes it such a major issue is Log4j is widely used in commonly deployed ...
- Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
December 14, 2021
Microsoft has addressed a zero-day vulnerability that was exploited in the wild to deliver Emotet, Trickbot and more in the form of fake applications. The patch came as part of the computing giant’s December Patch Tuesday update, which included a total of 67 fixes for security vulnerabilities. The patches cover the waterfront of Microsoft’s portfolio, affecting ...
- Bugs in billions of WiFi, Bluetooth chips allow password, data theft
December 13, 2021
Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it’s possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device’s Bluetooth component. Modern consumer electronic devices such as smartphones feature SoCs with separate Bluetooth, WiFi, and LTE components, each with ...