National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team envisages increasing electronic security by strengthening the protection of the cyberspace of the National Critical Information Infrastructures, banks and communication providers of the Republic of Cyprus.

CISCO ISE Vulnerabilities

07 February 2025

The Digital Security Authority (DSA) wants to bring to your attention two vulnerabilities that affect CISCO ISE.

 

Technical Details

These vulnerabilities concern CISCO ISE Insecure Java Deserialization and Authorization Bypass.

CVE-2025-20124: CISCO ISE Insecure Java Deserialization Vulnerability

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device.

This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges.

Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

CVE-2025-20125: Cisco ISE Authorization Bypass Vulnerability

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node.

This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to obtain information, modify system configuration, and reload the device.

Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

 

Affected Products:

CISCO ISE Software release versions 3.0-3.4.

 

Recommendations

The Digital Security Authority recommends updating the affected product version by applying the fixed release, as shown below:

 

 CISCO ISE Software Releases    First Fixed Release
 3.0                            Migrate to a fixed release
 3.1                            3.1P10
 3.2                            3.2P7
 3.3                            3.3P4
 3.4                            Not Vulnerable
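
The following is an added example, not part of the original advisory and not Cisco tooling: a Python check that applies the table above to an inventory of ISE nodes. The `hostname,version` inventory format, the sample hostnames and the accepted version notations are assumptions, and the check assumes patches are cumulative, so a patch number at or above the first fixed one counts as fixed.

```python
import re

# First fixed patch per release, copied from the advisory's table.
# None = no fixed patch on that release ("Migrate to a fixed release").
FIRST_FIXED_PATCH = {"3.0": None, "3.1": 10, "3.2": 7, "3.3": 4}
NOT_VULNERABLE = {"3.4"}

# Assumed notations: "3.1P10" (as in the advisory) or "3.1.0.518 Patch 7".
# A version without a patch suffix is treated as patch 0.
VERSION_RE = re.compile(
    r"^\s*(\d+\.\d+)(?:\.\d+)*\s*(?:[Pp](?:atch)?\s*(\d+))?\s*$")

def assess(version):
    """Return a verdict string for one ISE version string."""
    m = VERSION_RE.match(version)
    if not m:
        return "unknown: cannot parse version, check manually"
    release, patch = m.group(1), int(m.group(2) or 0)
    if release in NOT_VULNERABLE:
        return "not vulnerable"
    if release not in FIRST_FIXED_PATCH:
        return "unknown: release not listed in the advisory"
    fixed = FIRST_FIXED_PATCH[release]
    if fixed is None:
        return "vulnerable: migrate to a fixed release"
    if patch >= fixed:  # assumption: patches are cumulative
        return "fixed"
    return f"vulnerable: upgrade to {release}P{fixed}"

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """\
ise-pan-01,3.1P9
ise-psn-01,3.1P10
ise-psn-02,3.2
ise-lab-01,3.0P8
ise-new-01,3.4
ise-old-01,2.7P10
"""

def triage(inventory_text):
    """Map each hostname in 'hostname,version' lines to its verdict."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = assess(version)
    return results

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {verdict}")
```

Releases the table does not list (such as the constructed 2.7 entry) are reported as unknown rather than safe, so they are checked against the vendor advisory by hand.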

 

References

  1. https://cwe.mitre.org/data/definitions/502.html
  2. https://cwe.mitre.org/data/definitions/285.html
  3. https://nvd.nist.gov/vuln/detail/CVE-2025-20124
  4. https://nvd.nist.gov/vuln/detail/CVE-2025-20125
  5. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF

 

The information presented in this report is based on available data up to the 6th of February 2025.
