CNNVD-202507-2261 Information

CNNVD ID

CNNVD-202507-2261

Related CVE

CVE-2025-20337

• CNNVD Published: 2025-07-16

Description (Chinese)

Cisco ISE和Cisco ISE-PIC都是美国思科（Cisco）公司的产品。Cisco ISE是一个 NAC 解决方案。用于管理零信任架构中的端点、用户和设备对网络资源的访问。Cisco ISE-PIC是一个组件。 Cisco ISE和Cisco ISE-PIC存在注入漏洞，该漏洞源于用户输入验证不足，可能导致未经验证的远程攻击者以root权限执行任意代码。

Description (English)

Cisco ISE and Cisco ISE-PIC are all Cisco products. Cisco ISE is a NAC solution. To manage endpoints, users and equipment access to network resources in the zero confidence architecture. Cisco ISE-PIC is a component. Cisco ISE and Cisco ISE-PIC had an injection loophole, which stemmed from a lack of user input validation, which could lead uncertified remote assailants to enforce random codes with root privileges.

Hazard Level

Low

Vulnerability Type

注入

Affected Vendor

思科

Published

2025-07-16

Last Modified

2026-02-24

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6

Patch

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO