CNNVD-202508-2494 Information
CNNVD ID
CNNVD-202508-2494
Related CVE
- CNNVD Published: 2025-08-20
Description (Chinese)
Cisco Identity Services Engine(Cisco ISE)是美国思科(Cisco)公司的一款环境感知平台(ISE身份服务引擎)。该平台通过收集网络、用户和设备中的实时信息,制定并实施相应策略来监管网络。 Cisco Identity Services Engine(Cisco ISE)存在安全漏洞,该漏洞源于文件复制功能验证不足,可能导致特权用户上传任意文件。
Description (English)
Cisco Information Services Engineering (Cisco ISE) is an environmental awareness platform for Cisco companies. The platform regulates networks by collecting real-time information from networks, users and equipment and developing and implementing strategies. There is a security loophole in Cisco Service Services Engineering (Cisco ISE), which stems from the inadequate verification of the document reproduction function, which may lead to the uploading of any file by privileged users.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Citadel
Published
2025-08-20
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-qksX6C8g https://nvd.nist.gov/vuln/detail/CVE-2025-20131