Cisco warns of critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allow remote attackers to execute arbitrary code with root privileges. These flaws, including CVE-2025-20337, pose serious risks of system compromise and data breaches.
Key points
- Cisco discovered new vulnerabilities affecting ISE and ISE-PIC versions 3.3 and 3.4.
- The vulnerabilities allow unauthenticated remote attackers to execute arbitrary code with root privileges.
- Critical flaws are associated with insufficient input validation and file validation checks.
- Remediation requires upgrading to specific patched versions, as no workarounds are available.
- The vulnerabilities can be exploited independently, which increases the risk to affected systems.
Read More: https://thecyberexpress.com/cisco-cve-2025-20337-and-ise-pic-flaws/