this post was submitted on 27 Jun 2025
1 points (100.0% liked)

cybersecurity

14 readers
1 users here now

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

founded 2 years ago
MODERATORS
[email protected]
1
Cisco ISE vulnerable APIs, CVE-2025-20124 and CVE-2025-20125 CVE-2025-20281 and CVE-2025-20282 - Mitigations? (zerobytes.monster)
submitted 3 days ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 
The original post: /r/cybersecurity by /u/Positive-Sir-3789 on 2025-06-26 18:06:09.

There have been several ISE CVEs with critical 10 scores.

These are related to APIs that are on by default on ISE. Why doesn't Cisco document that disabling the API is a workaround to these CVEs? Is there some other attack vector besides the API?

2/6/25: CVE-2025-20124 and CVE-2025-20125

6/25/25: CVE-2025-20281 and CVE-2025-20282

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here