Primary

Context

Cisco Identity Services Engine Arbitrary File Upload Vulnerability

Vulnerability

Patched

A vulnerability exists in the Cisco Identity Services Engine (ISE) GUI, allowing authenticated, remote attackers with administrative privileges to upload files to affected devices. This issue arises from improper validation in the file copy function. Exploitation of this vulnerability could enable the upload of arbitrary files to the system.

Impact

Successful exploitation allows for arbitrary file uploads to the affected system.

Remediation

Cisco has released software updates to address this vulnerability. For information on which releases include the fix, consult the Cisco ISE advisory or the Cisco Security Advisories page.

Added: Aug 20, 2025, 5:37 PM

Updated: Aug 20, 2025, 5:37 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

4.4

remediation

8.3

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

4.4

remediation

8.3

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco Identity Services Engine Arbitrary File Upload Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cisco Identity Services Engine

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating