- Cisco patched a maximum-severity flaw impacting Identity Services Engine and ISE Passive Identity Connector
- The flaw allowed threat actors to run arbitrary code on the underlying OS
- It was patched in versions 3.3 and 3.4
A maximum-severity vulnerability was recently discovered, and patched, in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). This flaw allowed threat actors to execute arbitrary code, with elevated privileges, on the operating system of the devices running the tools.
ISE is a network security policy management and access control platform, helping organizations centrally manage who and what can connect to their network. The ISE-PIC, on the other hand, is a lightweight service that collects identity information about users and devices without requiring them to authenticate via traditional methods.
Both tools are typically used by enterprise IT and cybersecurity teams that manage large or complex network environments.
The importance of patching
Recently, security researcher Kentaro Kawane, from GMO Cybersecurity, discovered an insufficient validation of user-supplied input vulnerability that could be exploited by submitting a crafted API request. Valid credentials are not required to abuse the flaw.
It is tracked as CVE-2025-20337, and was given a severity score of 10/10 (critical). It affects releases 3.3 and 3.4 of the tools, regardless of device configuration. However, releases 3.2 or older are not affected.
Cisco addressed the flaws in these versions:
– Cisco ISE or ISE-PIC Release 3.3 (Fixed in 3.3 Patch 7)
– Cisco ISE or ISE-PIC Release 3.4 (Fixed in 3.4 Patch 2)
The good news is that there is no evidence the vulnerability has been exploited in the wild by malicious actors. However, cybercriminals are known for targeting organizations only after a bug was made public, since many entities don’t rush to apply the patches. By keeping hardware and software outdated, organizations are keeping their back doors wide open, and criminals are getting an easy way into the premises.
Therefore, it would be good practice to apply the patches as soon as possible and prevent possible attacks.
Via The Hacker News
