Severity
Medium
Analysis Summary
CVE-2025-20337 CVSS:10
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
CVE-2025-20285 CVSS:4.1
Cisco Identity Services Engine could allow a remote authenticated attacker to bypass security restrictions, caused by improper enforcement of access controls that are configured using the IP Access Restriction feature. By logging in to the API from an unauthorized source IP address, an attacker could exploit this vulnerability to bypass configured IP access restrictions and log in to the device from a disallowed IP address.
CVE-2025-20288 CVSS:5.8
Cisco Unified Intelligence Center is vulnerable to server-side request forgery (SSRF), caused by improper input validation for specific HTTP requests. By using a specially crafted HTTP request, an attacker could exploit this vulnerability to send arbitrary network requests that are sourced from the affected device and conduct an SSRF attack.
CVE-2025-20284 CVSS:6.5
Cisco Identity Services Engine could allow a remote attacker to execute arbitrary code on the system, caused by insufficient validation of user-supplied input. By sending a specially crafted API request, an attacker could execute arbitrary code on the underlying operating system as root.
CVE-2025-20283 CVSS:6.5
Cisco Identity Services Engine could allow a remote attacker to execute arbitrary code on the system, caused by insufficient validation of user-supplied input. By sending a specially crafted API request, an attacker could execute arbitrary code on the underlying operating system as root.
CVE-2025-20274 CVSS:6.3
Cisco Unified Intelligence Center could allow a remote attacker to upload arbitrary files on the system, caused by improper validation of files that are uploaded to the web-based management interface. By uploading arbitrary files to an affected device, an attacker could exploit this vulnerability to store malicious files on the system and execute arbitrary commands on the operating system.
CVE-2025-20272 CVSS:4.3
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) are vulnerable to SQL injection, caused by a vulnerability in a subset of REST APIs. A remote authenticated attacker could send specially crafted SQL statements to view data in some database tables on an affected device.
Impact
- Code Execution
- Security Bypass
- Gain Access
Indicators of Compromise
CVE
CVE-2025-20337
CVE-2025-20285
CVE-2025-20288
CVE-2025-20284
CVE-2025-20283
CVE-2025-20274
CVE-2025-20272
Affected Vendors
- Cisco
Affected Products
- Cisco Identity Services Engine Software 3.3.0
- Cisco Identity Services Engine Software 3.3 Patch 2
- Cisco Identity Services Engine Software 3.3 Patch 1
- Cisco Identity Services Engine Software 3.3 Patch 3
- Cisco Identity Services Engine Software 3.1.0
- Cisco Identity Services Engine Software 3.1.0 p1
- Cisco Identity Services Engine Software 3.1.0 p3
- Cisco Identity Services Engine Software 3.1.0 p2
- Cisco Unified Contact Center Express 10.6(1)
- Cisco Unified Contact Center Express 10.5(1)SU1
- Cisco Unified Contact Center Express 10.6(1)SU3
- Cisco Unified Contact Center Express 12.0(1)
- Cisco Evolved Programmable Network Manager (EPNM) 3.0.1
- Cisco Evolved Programmable Network Manager (EPNM) 3.1.2
- Cisco Evolved Programmable Network Manager (EPNM) 1.2
- Cisco Evolved Programmable Network Manager (EPNM) 3.1.1
Remediation
Refer to the Cisco website for patch, upgrade, or suggested workaround information.