Cisco has updated its advisory to confirm active exploitation of critical security flaws in its Identity Services Engine (ISE) and Passive Identity Connector. These vulnerabilities could allow remote attackers to execute arbitrary code and upload malicious files, risking unauthorized access to internal networks. #Cisco #ISEVulnerabilities
Keypoints
- Ciscoβs security flaws in ISE and ISE-PIC are actively exploited in the wild.
- All identified vulnerabilities have a CVSS score of 10.0, indicating critical severity.
- Exploits can allow remote attackers to execute commands as root without authentication.
- Two vulnerabilities involve API input validation issues, while one pertains to unsafe file uploads.
- Customers are urged to upgrade software immediately and monitor logs for suspicious activity.
Read More: https://thehackernews.com/2025/07/cisco-confirms-active-exploits.html