CVE-2025-20125

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 5.3

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:identity_services_engine::::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9::::::
	cpe:2.3:a:cisco:identity_services_engine:3.2.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1::::::
	cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2::::::
	cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3::::::
	cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4::::::
	cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5::::::
	cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3::::::

History

28 Mar 2025, 13:37

Type	Values Removed	Values Added
CPE		cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:::::: cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:::::: cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:::::: cpe:2.3:a:cisco:identity_services_engine:3.1.0:-:::::: cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:::::: cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:::::: cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:::::: cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:::::: cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:::::: cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:::::: cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9:::::: cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:::::: cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:::::: cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:::::: cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:::::: cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:::::: cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:::::: cpe:2.3:a:cisco:identity_services_engine:::::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:::::: cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3::::::
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF - Vendor Advisory
CWE		CWE-862
Summary		(es) Una vulnerabilidad en una API de Cisco ISE podría permitir que un atacante remoto autenticado con credenciales válidas de solo lectura obtenga información confidencial, cambie las configuraciones de los nodos y reinicie el nodo. Esta vulnerabilidad se debe a la falta de autorización en una API específica y a una validación incorrecta de los datos proporcionados por el usuario. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada a una API específica en el dispositivo. Una explotación exitosa podría permitir al atacante obtener información, modificar la configuración del sistema y recargar el dispositivo. Nota: Para aprovechar esta vulnerabilidad con éxito, el atacante debe tener credenciales administrativas válidas de solo lectura. En una implementación de un solo nodo, los dispositivos nuevos no podrán autenticarse durante el tiempo de recarga.
First Time		Cisco Cisco identity Services Engine

05 Feb 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-05 17:15

Updated : 2025-03-28 13:37

NVD link : CVE-2025-20125

Mitre link : CVE-2025-20125

CVE.ORG link : CVE-2025-20125

JSON object : View

Products Affected

cisco

identity_services_engine

CWE

CWE-285

Improper Authorization

CWE-862

Missing Authorization

9.1 /10