Cisco has issued software updates to fix two critical vulnerabilities in its Identity Services Engine (ISE) that could permit attackers to take control of devices and access sensitive data. These vulnerabilities affect specific versions of Cisco ISE, prompting the need for immediate upgrades since workarounds are not available. The more severe flaw has a 9.9 critical rating, linked to insecure deserialization in an API, while the second flaw, rated 9.1, involves a lack of authorization in another API. Patches are provided for free and should be prioritized by affected users.
Cisco has rolled out urgent software updates for critical vulnerabilities in its Identity Services Engine that could enable device takeover and data access.
Collection
[
|
...
]