Cisco disclosed a new critical vulnerability in its Identity Services Engine (ISE) that can lead to remote code execution without user credentials. The flaw, with a maximum CVSS score of 10/10, affects versions 3.3 and 3.4 of Cisco ISE and ISE-PIC, prompting urgent patches.
Key points
- Cisco identified a critical vulnerability in ISE and ISE-PIC that could enable remote code execution.
- The flaw impacts specific versions (3.3 and 3.4) and is related to API input validation issues.
- Fixes for the vulnerability are available in versions 3.3 patch 7 and 3.4 patch 2.
- A separate high-severity flaw in the Unified Intelligence Center allows arbitrary file uploads and privilege escalation.
- Cisco says it is not aware of these vulnerabilities being exploited in active attacks.
Read More: https://www.securityweek.com/cisco-patches-another-critical-ise-vulnerability/