Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities

Cisco has released ten security advisories revealing multiple vulnerabilities in its products, including critical flaws in the Identity Services Engine (ISE) and Unified Intelligence Center. While these issues could lead to DoS, privilege escalation, and data manipulation, there are no known active exploits in the wild. #CVE-2025-20152 #CVE-2025-20113

Key Points

  • Cisco disclosed over a dozen vulnerabilities across its product suite, including high-severity flaws in ISE and Unified Intelligence Center.
  • The ISE vulnerability (CVE-2025-20152) could allow remote, unauthenticated attackers to cause a denial of service via RADIUS request manipulation.
  • Authenticated attackers can elevate privileges or manipulate API requests in Unified Intelligence Center due to multiple high- and medium-severity bugs.
  • Exploiting these vulnerabilities could enable XSS attacks, command injection, privilege escalation, and data tampering.
  • Cisco is unaware of any active exploitation but advises updating affected products to mitigate risks.

Read More: https://www.securityweek.com/cisco-patches-high-severity-dos-privilege-escalation-vulnerabilities/