topic Re: CSCwo99449 - ISE Unauthenticated Remote Code Execution Vulnerabili in Network Access Control

CSCwo99449 - ISE Unauthenticated Remote Code Execution Vulnerability

takuya.hokazono — Mon, 30 Jun 2025 06:59:17 GMT

Please clarify the requirements to mitigate the Vulnerability.
3.3.0.430-Patch6 is enough to mitigate the Vulnerability or required ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz even if ISE is work in 3.3.0.430-Patch6.

Re: CSCwo99449 - ISE Unauthenticated Remote Code Execution Vulnerabili

takuya.hokazono — Mon, 30 Jun 2025 07:03:56 GMT

No release note for P6 now but Patch 6 is fixed release in Bug search tool so I'm gonna patch up to P6. But it's helpful if someone answers to my question.
https://bst.cisco.com/bugsearch/bug/CSCwo99449

Re: CSCwo99449 - ISE Unauthenticated Remote Code Execution Vulnerabili

m-karasek — Thu, 17 Jul 2025 15:53:10 GMT

Hello,
From the new point of view, it looks that we need Patch 7. Does anybody know, what's wrong with the Patch 6, which has been found as not enough to repair the vulnerability? When we have P6 everywhere, are our ISE close to be safe, with just some minor problem, or it is the same vulnerable state, like before i patched everything from 4 to 6 ?

Re: CSCwo99449 - ISE Unauthenticated Remote Code Execution Vulnerabili

Marcelo Morais — Fri, 18 Jul 2025 05:50:26 GMT

Hi @takuya.hokazono ,

please take a look at: Cisco ISE related Vulnerability (CVE-2025-20281 & 20282 & 20337), pay special attention to the IMPORTANT part of the Article.

Hope this helps !!!

Re: CSCwo99449 - ISE Unauthenticated Remote Code Execution Vulnerabili

takuya.hokazono — Fri, 18 Jul 2025 07:50:17 GMT

@m-karasek
@Marcelo Morais Yes, our team is applying path 7 in the maintenance window. It's greate helpful attentions to me and my team.
Many thanks!
Takuya