Full Report
Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). [...]
Analysis Summary
# Vulnerability: Critical RCE Flaws in Cisco Identity Services Engine (ISE)
## CVE Details
- CVE ID: **[Not explicitly listed for the RCE flaw, implied critical severity]**
- CVSS Score: **Maximum Severity** (Implied 10.0 for RCE, actual score not specified in the text)
- CWE: [Not explicitly listed]
## Affected Systems
- Products: Cisco Identity Services Engine (ISE)
- Versions: Specific vulnerable versions for the RCE flaws are not detailed, but patches address versions leading up to 3.3 and 3.4 branches.
- Configurations: [Not specified beyond the product itself]
## Vulnerability Description
The article details two *maximum severity* Remote Code Execution (RCE) flaws in Cisco ISE. (Note: Specific CVE IDs and technical details for the RCE flaws were omitted from the provided text snippet, but they are described as RCE vulnerabilities.)
A separate, medium-severity authentication bypass flaw is also detailed:
* **CVE-2025-20264**: Caused by inadequate enforcement of authorization for users created via SAML Single Sign-On (SSO) integration with an external identity provider. This allows an attacker with valid SSO-authenticated credentials to send a specific sequence of commands to modify system settings or perform a system restart.
## Exploitation
- Status: **Not exploited in the wild** (Cisco is not aware of active exploitation for the RCE flaws).
- Complexity: [Not specified]
- Attack Vector: [Not specified for RCE, likely network-based given the product context.]
## Impact
- Confidentiality: [Not specified]
- Integrity: [High impact expected due to RCE]
- Availability: [High impact expected due to RCE]
**Impact of CVE-2025-20264:** An attacker can modify system settings or restart the system.
## Remediation
### Patches
* **For RCE Flaw (Highest Priority):** Upgrade to **3.3 Patch 6** (ise-apply-CSCwo99449\_3.3.0.430\_patch4) or later.
* **For RCE Flaw (Highest Priority):** Upgrade to **3.4 Patch 2** (ise-apply-CSCwo99449\_3.4.0.608\_patch1) or later.
* **For CVE-2025-20264 (Auth Bypass):** Fixes are available in **3.4 Patch 2** and **3.3 Patch 5** or later.
* **For CVE-2025-20264 (Auth Bypass):** A fix for the 3.2 branch is expected in **3.2 Patch 8**, planned for November 2025.
* **For unsupported versions:** ISE 3.1 and earlier are impacted; users must migrate to a newer release branch.
### Workarounds
* **For RCE Flaws:** **No workarounds** were provided; immediate patching is required.
* **For CVE-2025-20264:** [None specified beyond immediate patching.]
## Detection
- Indicators of compromise: [Not specified in the summary]
- Detection methods and tools: [Not specified in the summary]
## References
- Vendor Advisories:
- Cisco Security Advisory for RCE vulnerabilities: hxxps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
- Cisco Security Advisory for Auth Bypass (CVE-2025-20264): hxxps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-mVfKVQAU
- Relevant Links:
- NVD for CVE-2025-20264: hxxps://nvd.nist.gov/vuln/detail/CVE-2025-20264