Overview
- Cisco
- Cisco Identity Services Engine Software
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse

Critical vulnerabilities in Cisco ISE and ISE-PIC
Cisco warns of two critical vulnerabilities in the Identity Services Engine (ISE).
The vulnerabilities in Cisco ISE are identified as CVE-2025-20281 and CVE-2025-20282.
The impact of both security issues has been rated with a maximum CVSS score of 10.0.
More information:
https://www.digitaltrustcenter.nl/nieuws/kritieke-kwetsbaarheden-in-cisco-ise-en-ise-pic

Exploitable without authentication, the two flaws are tracked as CVE-2025-20281 and CVE-2025-20282 and have the maximum severity score of 10/10. Both impact specific APIs within the affected products. https://www.securityweek.com/critical-cisco-ise-vulnerabilities-allow-remote-code-execution/

Critical Cisco ISE Vulnerabilities, CVE-2025-20281 & CVE-2025-20282
Two unauthenticated RCE flaws have been disclosed in Cisco ISE and ISE-PIC, allowing remote attackers to execute commands as root without credentials.
CVE-2025-20281
• Affects: ISE 3.3 & 3.4
• Flaw: Improper input validation in external API
• CVSS: 9.8
CVE-2025-20282
• Affects: ISE 3.4
• Flaw: Internal API permits privileged file uploads
• CVSS: 10.0 (Critical)
Full advisory:
https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70475.html
CVE-2025-20281:
https://www.cvedetails.com/cve/CVE-2025-20281/
CVE-2025-20282:
https://www.cvedetails.com/cve/CVE-2025-20282/
Overview
- Brother Industries, Ltd
- HL-L8260CDN
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse

Although seven of the eight flaws can be patched, the aforementioned vulnerability, CVE-2024-51978, cannot. https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug
Overview
Description
Statistics
- 1 Post
Fediverse

"CVE-2024-54085, as the vulnerability is tracked, allows for authentication bypasses by making a simple web request to a vulnerable BMC device over HTTP."
Which should be less useful-- assuming some minuscule amount of competence and commensurate rules.
But even that leaves another layer, the bribery route + poor vetting. How valuable are the secrets and who is on the segment?