5 matches found
๐ Cisco ISE 2.2 Remote Code Execution
This Metasploit module exploits an unauthorized file upload vulnerability in Cisco ISE. A ZIP file containing a JSP file with a manipulated path path traversal is uploaded. The webshell is then extracted to the webapps folder...
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine ISE and ISE Passive Identity Connector ISE-PIC that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers...
CVE-2025-20282
creationtimestamp| type| source ---|---|--- 2025-06-25 16:47:36+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19481 2025-06-25 20:34:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lshhk7i3pt25 2025-06-26 04:00:00+00:00| seen|...
CVE-2025-20282 Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks tha...
CVE-2025-20282
CVE-2025-20282 affects Cisco ISE and ISE-PIC. An unauthenticated attacker can exploit an internal API to upload arbitrary files via the vulnerable endpoint /api/v1/config/upload , bypassing validation and enabling the execution of those files on the host with root privileges. The issue arises fro...