1.0 Introduction
Recently, Cisco Security has issued security advisories addressing two critical unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).
2.0 Impact
These vulnerabilities could allow remote attackers to execute arbitrary commands as root on the underlying operating system without authentication.
3.0 Affected Products
- Cisco ISE or ISE-PIC version 3.2 and earlier
- Cisco ISE or ISE-PIC version 3.3 and later
-
Cisco ISE or ISE-PIC version 3.4 only
4.0 Recommendation
CyberSecurity Malaysia urges users and organisations to review the
Cisco Security Updates
, follow the Mitigation steps and apply the necessary updates.
Kindly refer to the URL for more information:
Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17.30 MYT
Web:
https://www.cybersecurity.my
5.0 References
- https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-security-advisories-list.html
- https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-ise-unauth-rce-ZAd2GnJ6.html#details
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6