Cisco ISE maximum severity flaw lets hackers execute root code

News
By published

Versions 3.3 and 3.4 are vulnerable.

Padlock against circuit board/cybersecurity background
(Image credit: Getty Images)
  • Cisco patched a maximum-severity flaw impacting Identity Services Engine and ISE Passive Identity Connector
  • The flaw allowed threat actors to run arbitrary code on the underlying OS
  • It was patched in versions 3.3 and 3.4

A maximum-severity vulnerability was recently discovered, and patched, in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). This flaw allowed threat actors to execute arbitrary code, with elevated privileges, on the operating system of the devices running the tools.

ISE is a network security policy management and access control platform, helping organizations centrally manage who and what can connect to their network. The ISE-PIC, on the other hand, is a lightweight service that collects identity information about users and devices without requiring them to authenticate via traditional methods.

Both tools are typically used by enterprise IT and cybersecurity teams that manage large or complex network environments.

The importance of patching

Recently, security researcher Kentaro Kawane, from GMO Cybersecurity, discovered an insufficient validation of user-supplied input vulnerability that could be exploited by submitting a crafted API request. Valid credentials are not required to abuse the flaw.

It is tracked as CVE-2025-20337, and was given a severity score of 10/10 (critical). It affects releases 3.3 and 3.4 of the tools, regardless of device configuration. However, releases 3.2 or older are not affected.

Cisco addressed the flaws in these versions:

- Cisco ISE or ISE-PIC Release 3.3 (Fixed in 3.3 Patch 7)
- Cisco ISE or ISE-PIC Release 3.4 (Fixed in 3.4 Patch 2)

The good news is that there is no evidence the vulnerability has been exploited in the wild by malicious actors. However, cybercriminals are known for targeting organizations only after a bug was made public, since many entities don’t rush to apply the patches. By keeping hardware and software outdated, organizations are keeping their back doors wide open, and criminals are getting an easy way into the premises.

Therefore, it would be good practice to apply the patches as soon as possible and prevent possible attacks.

Via The Hacker News

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.