Source URL: https://www.theregister.com/2025/02/05/cisco_plugs_two_critical_ise_bugs/
Source: The Register
Title: Cisco patches two critical Identity Services Engine flaws
Feedly Summary: One gives root access, the other lets you steal info and reconfig nodes, in the right (or should that be wrong) circumstances
Cisco has fixed two critical vulnerabilities in its Identity Services Engine (ISE) that could allow an authenticated remote attacker to execute arbitrary commands as root or access sensitive information, modify configurations, and reload affected devices.…
AI Summary and Description: Yes
Summary: Cisco has addressed two critical vulnerabilities in its Identity Services Engine (ISE) and ISE-PIC that could allow authenticated remote attackers to gain unauthorized access or control over affected devices. These vulnerabilities underline the importance of securing administrative credentials in preventing potential exploitation through compromised logins.
Detailed Description:
Cisco’s recent security advisory highlights two significant vulnerabilities affecting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC):
– **CVE-2025-20124**:
– Severity: 9.9 out of 10.
– Nature: Insecure deserialization of user-supplied Java byte streams.
– Impact: Attackers can execute arbitrary commands on the device and potentially elevate privileges if they exploit this flaw via a crafted serialized Java object to an affected API.
– Credits: Discovered by Dan Marin and Sebastian Radulea from Deloitte.
– **CVE-2025-20125**:
– Severity: 9.1 out of 10.
– Nature: Authorization bypass vulnerability.
– Impact: Authenticated remote attackers with valid read-only credentials can access sensitive information, alter configurations, and restart nodes by exploiting this vulnerability through an HTTP request to the API.
– Disclosed by Sebastian Radulea.
Both vulnerabilities affect versions 3.0 to 3.3 of the Cisco ISE and are considered critical due to the high risk they pose if an attacker gains administrative access, which can be accomplished if such credentials are compromised or misused by rogue insiders.
Key Insights:
– **Authentication Compromise Risks**: The vulnerabilities highlight how crucial it is to safeguard administrative credentials, as gaining access to read-only credentials can pave the way for further exploitation.
– **Prevention Measures**: Organizations must ensure they are running the latest version (3.4+) to avoid these vulnerabilities and implement robust credential management practices to mitigate potential breaches.
– **Response Protocol**: Cisco has provided patches for the vulnerabilities, and users are strongly encouraged to upgrade their systems as detailed in the advisory. Regulatory compliance and security protocols demand quick action to address such critical risks.
Overall, these incidents underscore the need for continuous vigilance and proactive measures in maintaining infrastructure security, particularly in environments that utilize network access control systems like Cisco ISE.