Cisco has addressed two critical vulnerabilities in its Identity Services Engine (ISE) that enable remote authenticated attackers to execute arbitrary commands as root and gain access to sensitive information. With CVSS scores of 9.9 and 9.1, these vulnerabilities require valid admin credentials, though such credentials are easy to compromise, as highlighted by the NCC Group's report on increasing ransomware incidents. Affected versions 3.0 to 3.3 can be patched, while version 3.4 is secure. Cisco provides upgrade instructions to mitigate these risks. Notably, these vulnerabilities are not currently being actively exploited.
Cisco has fixed two critical vulnerabilities in its Identity Services Engine (ISE) that could allow an authenticated, remote attacker to execute arbitrary commands as root, obtain sensitive information, change configurations and reboot affected devices.
Malicious insiders can also exploit these vulnerabilities. Users of older, affected versions are advised to upgrade to a patched release as stated in the security advisory.