DeeperML - #Vulnerability

Cisco has released patches to address two critical remote code execution vulnerabilities in its Identity Services Engine (ISE). The flaws, tracked as CVE-2025-20124 (CVSS score 9.9) and CVE-2025-20125 (CVSS score 9.1), could allow a remote attacker with read-only administrative privileges to execute arbitrary commands on affected devices. The vulnerabilities could prevent privilege escalation and system configuration changes.

The first vulnerability, CVE-2025-20124, is due to insecure deserialization of user-supplied Java byte streams, allowing attackers to execute arbitrary commands and elevate privileges by sending a crafted serialized Java object to an affected API. The second, CVE-2025-20125, is an authorization bypass issue that could allow attackers to obtain sensitive information, modify system configurations, and restart the node by sending a crafted HTTP request to a specific API. Cisco warns that there are no workarounds, advising customers to migrate to a fixed software release as soon as possible.


References :

• securityaffairs.com: Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes.
• securityonline.info: CVE-2025-20124 (CVSS 9.9) & CVE-2025-20125 (CVSS 9.1): Cisco Patches Critical Flaws in Identity Services Engine
• ciso2ciso.com: Cisco addressed two critical flaws in its Identity Services Engine (ISE) – Source: securityaffairs.com
• ciso2ciso.com: Cisco addressed two critical flaws in its Identity Services Engine (ISE) – Source: securityaffairs.com
• securityonline.info: Cisco has issued a security advisory addressing two critical vulnerabilities in its Identity Services Engine (ISE), a network
• Pyrzout :vm:: Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities – Source:sec.cloudapps.cisco.com #'Cyber
• BleepingComputer: Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.
• socradar.io: Critical Cisco ISE Vulnerabilities Patched: CVE-2025-20124 & CVE-2025-20125
• The Hacker News: Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
• www.csoonline.com: Cisco’s ISE bugs could allow root-level command execution
• www.bleepingcomputer.com: Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.
• ciso2ciso.com: Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc – Source:thehackernews.com
• ciso2ciso.com: Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc – Source:thehackernews.com
• ciso2ciso.com: Cisco’s ISE bugs could allow root-level command execution – Source: www.csoonline.com

Classification:

• HashTags: #CiscoISE #Vulnerability #Cybersecurity
• Company: Cisco
• Target: Cisco ISE Systems
• Product: ISE
• Feature: Remote Code Execution
• Type: Vulnerability
• Severity: Critical

A high-severity security vulnerability, identified as CVE-2024-56161, has been discovered in AMD's Secure Encrypted Virtualization (SEV), specifically impacting SEV-SNP-powered systems. The flaw allows an attacker with local administrator privileges to inject malicious CPU microcode due to improper signature verification in the AMD CPU ROM microcode patch loader. Successfully exploiting this vulnerability could lead to the loss of confidentiality and integrity of confidential guests running under AMD SEV-SNP, potentially compromising virtual machine guests and exposing sensitive workloads. The vulnerability has been assigned a CVSS score of 7.2 out of 10.0, indicating a high level of severity.

AMD has released security advisories and provided mitigations through updated microcode and SEV firmware releases. System administrators are strongly advised to apply the latest Platform Initialization (PI) updates and ensure their BIOS firmware contains the necessary fixes to prevent exploitation of CVE-2024-56161. The vulnerability was responsibly disclosed to AMD by Google security researchers, including Josh Eads, Kristoffer Janke, Eduardo Vela, Tavis Ormandy, and Matteo Rizzo. AMD credited the Google team and has taken steps to deliver mitigations promptly. Organizations utilizing AMD EPYC processors with SEV-enabled workloads should immediately contact their Original Equipment Manufacturer (OEM).


References :

• ciso2ciso.com: AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access – Source:thehackernews.com
• : AMD security advisories 03 February 2025: CVE-2024-56161 (7.2 high) improper signature verification in AMD CPU ROM microcode patch loader could lead to the loss of SEV-based protection of a confidential guest.
• cyberpress.org: AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
• The Hacker News: AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
• ciso2ciso.com: AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
• Cyber Security News: An AMD vulnerability (CVE-2024-56161) enables malicious microcode injection under specific circumstances.
• socca.tech: Vulnerability Assessment Report: CVE-2024-56161 Vulnerability Overview Description CVE-2024-56161 refers to an improper signature verification vulnerability found in the AMD CPU ROM microcode patch loader.
• securityaffairs.com: AMD fixed a flaw that allowed to load malicious microcode
• Cyber Security News: Cybersecuritynews article detailing the AMD SEV vulnerability allowing malicious microcode injection.
• : Improper signature verification in AMD CPU ROM's microcode patch loader leads to a security vulnerability.

Classification:

• HashTags: #AMD #Vulnerability #SEV-SNP
• Company: AMD
• Target: Confidential Guests
• Product: SEV-SNP
• Feature: Microcode Injection
• Type: Vulnerability
• Severity: High