One gives root access, the other lets you steal info and reconfig nodes, in the right (or should that be wrong) circumstances
February 5, 2025 By Jessica Lyons
Cisco has fixed two critical vulnerabilities in its Identity Services Engine (ISE) that could allow an authenticated remote attacker to execute arbitrary commands as root or access sensitive information, modify configurations, and reload affected devices.
As if requiring authentication wasn't a hurdle enough: Exploiting either of these 9.9 and 9.1-out-of-10-severity-rated bugs requires valid read-only administrative credentials.
But assuming a miscreant can steal or buy these admin logins, they can essentially fully and quietly take over your equipment even after you think you've managed to keep them out. It's worth noting that NCC Group blamed last year's surge in ransomware attacks partly on compromised credentials, so it's not like these are too difficult to obtain. Rogue insiders can also abuse these holes, of course.
