Lucene search
K

7 matches found

githubexploit
githubexploit
added 2025/08/12 10:34 p.m.403 views

Exploit for Deserialization of Untrusted Data in Cisco Identity_Services_Engine

CVE-2025-20124 – Cisco ISE 3.0 Java Deserialization Remote Cod...

9.9CVSS8AI score0.17218EPSS
Exploits4
redhatcve
redhatcve
added 2025/02/07 5:21 p.m.11 views

CVE-2025-20124

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...

9.9CVSS7.8AI score0.17218EPSS
Exploits4References1
thn
thn
added 2025/02/06 7:40 a.m.44 views

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Cisco has released updates to address two critical security flaws Identity Services Engine ISE that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 CVSS score: 9.9 - An insecure Java...

9.9CVSS8.7AI score0.17218EPSS
Exploits5
circl
circl
added 2025/02/05 4:21 p.m.23 views

CVE-2025-20124

creationtimestamp| type| source ---|---|--- 2025-02-05 16:21:38+00:00| seen| https://infosec.exchange/users/cve/statuses/113952194402567067 2025-02-05 16:37:05+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113952255128702135 2025-02-05 17:15:47+00:00| seen|...

9.9CVSS8.1AI score0.17218EPSS
Exploits4References30
vulnrichment
vulnrichment
added 2025/02/05 4:12 p.m.18 views

CVE-2025-20124 Cisco Identity Services Engine Java Deserialization Vulnerability

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...

9.9CVSS7.8AI score0.17218EPSS
Exploits4References1
cvelist
cvelist
added 2025/02/05 4:12 p.m.27 views

CVE-2025-20124 Cisco Identity Services Engine Java Deserialization Vulnerability

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...

9.9CVSS0.17218EPSS
Exploits4References1
cve
cve
added 2025/02/05 4:12 p.m.260 views

CVE-2025-20124

Cisco Identity Services Engine (ISE) exposes a vulnerability via insecure Java deserialization in its API. An authenticated attacker with valid read-only credentials can send a crafted serialized Java object to the affected API to execute arbitrary commands on the device with root privileges, pot...

9.9CVSS9.7AI score0.17218EPSS
Exploits4References1Affected Software1
Rows per page
Query Builder