Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization mechanisms for specific administrative functions.
This vulnerability is due to insufficient enforcement of authorization mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a restart. In single-node ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the system comes back online.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-mVfKVQAU
Security Impact Rating: Medium
CVE: CVE-2025-20264