Friday , February 7 2025
Identity Services Engine

Cisco Patches Critical Identity Services Engine (ISE) Vulnerabilities

infosecbulletin 19 hours ago Alert, Vulnerabilities

Cisco has updated its Identity Services Engine (ISE) to fix two critical security flaws that could let remote attackers execute arbitrary commands and gain elevated privileges on affected devices.

The vulnerabilities are listed below:

U.K. orders Apple to let it spy on users’ encrypted accounts: Report

By infosecbulletin / Friday , February 7 2025
Britain's security officials have ordered that Apple create a so-called 'back door' allowing them to retrieve all the content any...
Read More
U.K. orders Apple to let it spy on users’ encrypted accounts: Report

(CVE-2024-21413), (CVE-2025-0411)
Microsoft Outlook and 7 zip Vuln actively exploited; CISA Warns

By infosecbulletin / Friday , February 7 2025
A critical vulnerability (CVE-2025-0411) in the file archiving tool 7-Zip is being actively exploited, mainly targeting Ukrainian organizations. It has...
Read More
(CVE-2024-21413), (CVE-2025-0411) Microsoft Outlook and 7 zip Vuln actively exploited; CISA Warns

Hacker Claims 20 Million OpenAI Logins for sale

By infosecbulletin / Friday , February 7 2025
A threat actor has reportedly acquired login details, including passwords and email addresses, for 20 million OpenAI accounts. GBHackers report states...
Read More
Hacker Claims 20 Million OpenAI Logins for sale

Cisco Patches Critical Identity Services Engine (ISE) Vulnerabilities

By infosecbulletin / Thursday , February 6 2025
Cisco has updated its Identity Services Engine (ISE) to fix two critical security flaws that could let remote attackers execute...
Read More
Cisco Patches Critical Identity Services Engine (ISE) Vulnerabilities

Paragon spyware targeted victims in dozens of European countries: Italy says

By infosecbulletin / Thursday , February 6 2025
WhatsApp revealed that seven Italians, along with victims from over a dozen other European countries, were targeted by spyware in...
Read More
Paragon spyware targeted victims in dozens of European countries: Italy says

Sophisticated malware attack on Indian Banks; Exposes 50,000 users

By infosecbulletin / Thursday , February 6 2025
The zLabs research team found a mobile malware campaign with nearly 900 malware samples aimed at Indian bank users. Analysis...
Read More
Sophisticated malware attack on Indian Banks; Exposes 50,000 users

OPA Gatekeeper Bypass Unveils Risks in Kubernetes Policy Engines

By infosecbulletin / Thursday , February 6 2025
A recent Aqua Security report highlights major security risks in Kubernetes policy enforcement, especially with Open Policy Agent (OPA) Gatekeeper....
Read More
OPA Gatekeeper Bypass Unveils Risks in Kubernetes Policy Engines

(CVE-2025-23419)
F5 Warns of TLS Session Resumption Vulnerability in NGINX

By infosecbulletin / Thursday , February 6 2025
F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could...
Read More
(CVE-2025-23419) F5 Warns of TLS Session Resumption Vulnerability in NGINX

Ransomware payments statistics for 2024, a drop of 35%

By infosecbulletin / Thursday , February 6 2025
Ransomware payments dropped by 35% last year compared to 2023, despite an increase in the number of attacks, according to...
Read More
Ransomware payments statistics for 2024, a drop of 35%

CISA Adds 4 Actively Exploited Vuls to KEV Catalog

By infosecbulletin / Wednesday , February 5 2025
CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, noting they are actively being exploited. The list...
Read More
CISA Adds 4 Actively Exploited Vuls to KEV Catalog

CVE-2025-20124 (CVSS score: 9.9): A vulnerability in a Cisco ISE API that allows an authenticated attacker to run commands as the root user on a device.

CVE-2025-20125 (CVSS score: 9.1) – An authentication issue in Cisco ISE’s API could allow a remote attacker with read-only access to retrieve sensitive data, modify settings, and restart the system.

An attacker could exploit these flaws by sending a specially crafted Java object or an HTTP request to a specific API endpoint, resulting in privilege escalation and code execution.

Cisco stated that the two vulnerabilities are independent and have no available workarounds. They have been resolved in the following versions:

Cisco ISE software release 3.0 (Migrate to a fixed release)
Cisco ISE software release 3.1 (Fixed in 3.1P10)
Cisco ISE software release 3.2 (Fixed in 3.2P7)
Cisco ISE software release 3.3 (Fixed in 3.3P4)
Cisco ISE software release 3.4 (Not vulnerable)

Deloitte security researchers Dan Marin and Sebastian Radulea discovered and reported the vulnerabilities. The networking equipment company is not aware of any malicious use of the flaws but advises users to keep their systems updated for better protection.

Sophisticated malware attack on Indian Banks; Exposes 50,000 users

Check Also

AMD

AMD Patches CPU Vulnerability

AMD announced patches on Monday for a microprocessor vulnerability that risks the loss of Secure …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin