CVE-2025-20337

CRÍTIC (10,0)

CVSS3: 8,7

Cisco Identity Services Engine podria permetre que un atacant remot executi codi arbitrari al sistema, causat per una validació insuficient de l’entrada proporcionada per l’usuari. Enviant una sol·licitud d’API especialment dissenyada, un atacant podria explotar aquesta vulnerabilitat per obtenir privilegis d’arrel en un dispositiu afectat.

Sistemes Afectats

• Cisco Cisco Identity Services Engine Software 3.3.0
• Cisco Cisco Identity Services Engine Software 3.3 Patch 2
• Cisco Cisco Identity Services Engine Software 3.3 Patch 1
• Cisco Cisco Identity Services Engine Software 3.3 Patch 3
• Cisco Cisco Identity Services Engine Software 3.4.0
• Cisco Cisco Identity Services Engine Software 3.3 Patch 4
• Cisco Cisco Identity Services Engine Software 3.4 Patch 1
• Cisco Cisco Identity Services Engine Software 3.3 Patch 5
• Cisco Cisco Identity Services Engine Software 3.3 Patch 6
• Cisco Cisco ISE Passive Identity Connector 3.2.0
• Cisco Cisco ISE Passive Identity Connector 3.1.0
• Cisco Cisco ISE Passive Identity Connector 3.3.0
• Cisco Cisco ISE Passive Identity Connector 3.4.0

Remediació
Consulteu l’Avís de seguretat de Cisco cisco-sa-ise-unauth-rce-ZAd2GnJ6 per obtenir informació sobre pedaços, actualitzacions o solucions alternatives suggerides. Vegeu-ne les Referències.

Referències

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
• https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/20xxx/CVE-2025-20337.json