Cisco Identity Services Engine (cisco-sa-ise-auth-bypass-mVfKVQAU)

medium Nessus Plugin ID 240487

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco ISE is affected by a vulnerability.

- A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. (CVE-2025-20264)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwm59423.

See Also

http://www.nessus.org/u?40c0ab72

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm59423

Plugin Details

Severity: Medium

ID: 240487

File Name: cisco-sa-ise-auth-bypass-mVfKVQAU.nasl

Version: 1.1

Type: local

Family: CISCO

Published: 6/25/2025

Updated: 6/25/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS Score Source: CVE-2025-20264

CVSS v3

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:cisco:identity_services_engine, cpe:/a:cisco:identity_services_engine, cpe:/a:cisco:identity_services_engine_software

Required KB Items: Host/Cisco/ISE/version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/25/2025

Vulnerability Publication Date: 6/25/2025

Reference Information

CVE: CVE-2025-20264