Cisco ISE API 存在未认证远程代码执行漏洞(CVE-2025-20281),因输入验证不足导致攻击者可执行任意代码并完全控制设备。建议安装补丁修复。 2025-7-24 18:21:16 Author: horizon3.ai(查看原文) 阅读量:23 收藏
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
CVE-2025-20281 is a remote code execution vulnerability affecting Cisco Identity Services Engine (ISE). The vulnerability allows an unauthenticated, remote attacker to execute arbitrary code on the remote host as the root user due to insufficient validation of user-supplied input.
Exploiting this vulnerability can allow an attacker to gain complete control over the affected system. This includes accessing sensitive data, modifying or deleting system resources, and potentially installing malware or creating backdoors.
Mitigations
- Apply the relevant patches as mentioned in the vendor advisory.
Rapid Response N-Day Testing
References
Read about other CVEs
NodeZero® Platform
Implement a continuous find, fix, and verify loop with NodeZero
The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.
Recognized By
如有侵权请联系:admin#unsafe.sh