Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2025/VULN452 _____________________________________________________________________ DATE : 16/07/2025 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Cisco Identity Services Engine, Cisco Unified Intelligence Center, Cisco Prime Infrastructure. ===================================================================== https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-ssrf-JSuDjeV https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-piepnm-bsi-25JJqsbb _____________________________________________________________________ Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2025-July-16. The following PSIRT security advisories (1 Critical, 1 High, 3 Medium) were published at 16:00 UTC today. Table of Contents: 1) Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities - SIR: Critical 2) Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability - SIR: High 3) Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities - SIR: Medium 4) Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability - SIR: Medium 5) Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability - SIR: Medium +-------------------------------------------------------------------- 1) Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities CVE-2025-20281, CVE-2025-20282, CVE-2025-20337 SIR: Critical CVSS Score v(3.1): 10.0 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6"] +-------------------------------------------------------------------- 2) Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability CVE-2025-20274 SIR: High CVSS Score v(3.1): 6.3 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm"] +-------------------------------------------------------------------- 3) Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities CVE-2025-20283, CVE-2025-20284, CVE-2025-20285 SIR: Medium CVSS Score v(3.1): 6.5 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO"] +-------------------------------------------------------------------- 4) Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability CVE-2025-20288 SIR: Medium CVSS Score v(3.1): 5.8 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-ssrf-JSuDjeV ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-ssrf-JSuDjeV"] +-------------------------------------------------------------------- 5) Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability CVE-2025-20272 SIR: Medium CVSS Score v(3.1): 4.3 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-piepnm-bsi-25JJqsbb ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-piepnm-bsi-25JJqsbb"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================