Related vulnerability
Title: Cisco ISE and Cisco ISE-PIC injection vulnerability (CVE-2025-20337). Description: Cisco ISE and Cisco ISE-PIC are products of the US company Cisco. Cisco ISE is a NAC solution used to manage access by endpoints, users and devices to network resources in a zero-trust architecture; Cisco ISE-PIC is one of its components. Cisco ISE and Cisco ISE-PIC contain an injection vulnerability caused by insufficient validation of user input, which may allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
Description
CVE-2025-20337
Introduction
# 🚨 **CVE-2025-20337: Critical Cisco ISE RCE Vulnerability** 🚨

Hey there! 👋 Let's dive into **CVE-2025-20337** – a **maximum severity (CVSS 10.0)** unauthenticated remote code execution (RCE) bug that's been **exploited in the wild** by attackers! 😱 This affects **Cisco Identity Services Engine (ISE)** and **ISE Passive Identity Connector (PIC)**. Time to **patch ASAP**! 🛡️
## 📋 **Quick Overview**
- **Severity**: **CRITICAL** (CVSS 10.0) 🔥
- **Published**: July 15, 2025 📅
- **Affected Products**: Cisco ISE (versions 3.1–3.4) & ISE-PIC ⚙️
- **Attack Vector**: Network (remote, no auth needed) 🌐
- **Impact**: Full **root access** – execute arbitrary commands! 💥
- **Exploited?**: **YES** – Active attacks reported since July 2025! ⚡
## 🐛 **What Went Wrong?**
Insufficient validation of user-supplied input in a **specific API endpoint**. Attackers send **malicious payloads** to trigger **deserialization flaws**, leading to **arbitrary code execution as root**. No login required! 🚪🔓
**Root Cause**: Tied to StrongSwan tunnel handling – untrusted data deserialization. 😤
## 🎯 **Affected Versions**
| Product | Vulnerable Versions | Fixed In |
|---------------|------------------------------|---------------------------|
| **Cisco ISE** | 3.1 – 3.3 Patch 6<br>3.4 Patch 0 | **3.3 Patch 7**<br>**3.4 Patch 2** |
| **ISE-PIC** | All versions up to latest | **Latest patches** |
*Note*: Some **hot patches** (e.g., CSCwo99449) **DO NOT fix this** – upgrade fully! ❌➡️✅
## 🛡️ **How to Fix It – Step-by-Step**
1. **Upgrade Immediately**:
- ISE: To **3.3 Patch 7** or **3.4 Patch 2** 📦
- Download: [Cisco Software Download](https://software.cisco.com) 🔗
2. **Apply Patches**: Use CLI – `application upgrade <file>` 🛠️
3. **Verify**: Run `show version active` to confirm! ✅
4. **Interim**: Restrict API access via firewalls if upgrade delayed. 🧱
5. **Monitor Logs**: Watch for suspicious API calls! 👀
**Cisco Advisory**: [Full Details Here](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6) 📖
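To make the "Verify" step repeatable across a fleet, here is an added example (not Cisco's tooling and not part of this repository) that classifies ISE nodes against the fixed releases listed in the table above: 3.3 Patch 7 and 3.4 Patch 2. Assumptions: anything in the 3.3 train below Patch 7, or in the 3.4 train below Patch 2, is treated as vulnerable; the 3.1 and 3.2 trains are listed as affected with no fixed patch, so they are flagged as needing a move to a fixed train; the inventory lines and their `<host> <version> Patch <n>` layout are constructed for the example, and the regex will need adapting to the real `show version active` output.

```python
"""Classify Cisco ISE node versions against the CVE-2025-20337 fixed releases.

Added example, not Cisco's code. The inventory format below is constructed;
adapt LINE_RE to the actual `show version active` output of your nodes.
"""
import re
from dataclasses import dataclass

# Lowest fixed patch level per release train, taken from the advisory table
# on this page (3.3 Patch 7, 3.4 Patch 2).
FIXED_PATCH = {(3, 3): 7, (3, 4): 2}
# Trains the page lists as affected without naming a fixed patch.
AFFECTED_NO_FIX = {(3, 1), (3, 2)}


@dataclass(frozen=True)
class IseVersion:
    major: int
    minor: int
    patch: int

    @property
    def train(self):
        return (self.major, self.minor)


# Constructed sample inventory: "<hostname> <major>.<minor>.<build> [Patch <n>]".
SAMPLE_INVENTORY = """\
ise-pan-01 3.3.0.430 Patch 6
ise-psn-02 3.3.0.430 Patch 7
ise-psn-03 3.4.0.608 Patch 0
ise-psn-04 3.4.0.608 Patch 2
ise-old-05 3.1.0.518 Patch 9
ise-lab-06 3.2.0.542
"""

# Assumed line layout; a node with no "Patch n" suffix is treated as Patch 0.
LINE_RE = re.compile(
    r"^(?P<host>\S+)\s+(?P<major>\d+)\.(?P<minor>\d+)\.\S+"
    r"(?:\s+Patch\s+(?P<patch>\d+))?$"
)


def parse_line(line):
    """Parse one inventory line into (hostname, IseVersion)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised inventory line: {line!r}")
    patch = int(m.group("patch")) if m.group("patch") else 0
    return m.group("host"), IseVersion(int(m.group("major")), int(m.group("minor")), patch)


def classify(v):
    """Return 'fixed', 'vulnerable', 'upgrade-train' or 'unknown' for a version."""
    if v.train in FIXED_PATCH:
        return "fixed" if v.patch >= FIXED_PATCH[v.train] else "vulnerable"
    if v.train in AFFECTED_NO_FIX:
        # Affected train with no fix listed: must move to 3.3 P7 / 3.4 P2.
        return "upgrade-train"
    # Trains the page's table does not cover; check the vendor advisory.
    return "unknown"


def assess_inventory(text):
    """Map every hostname in the inventory text to its classification."""
    result = {}
    for line in text.splitlines():
        if line.strip():
            host, version = parse_line(line)
            result[host] = classify(version)
    return result


if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {status}")
```

Anything other than `fixed` should feed the interim controls in steps 4 and 5 (restricting API reachability and log monitoring) until the node is upgraded; `unknown` means the train is outside the table on this page and needs checking against the Cisco advisory directly.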
## 🌍 **Real-World Exploitation**
- **First Sightings**: July 2025 – APT groups targeting **identity systems**! 🕵️‍♂️
- **Paired Attacks**: Often with **CVE-2025-5777** (Citrix) for **full compromise**. 🔗
- **Amazon Alert**: Confirmed exploits granting **admin access**. (Nov 13, 2025) 🆕
- **CISA KEV**: Added to Known Exploited Vulnerabilities catalog! ⚠️
```
nuclei -t CVE-2025-20337.yaml -u https://your-ise.com -v
```
**Proof-of-Concept**: Available on GitHub (use ethically!) – [Nuclei Template](https://github.com/projectdiscovery/nuclei-templates/issues/12858) 🧪
## 📈 **Stats & Trends**
- **Exploits**: **High** – Hackers love unauth RCE! 📊
- **Mitigation Success**: Patched systems = **0% exploit rate**. 💪
- **Similar Bugs**: Part of 3-vuln cluster (CVE-2025-20281, -20282). 👥
## ❗ **Pro Tips to Stay Safe**
- **Always Patch First**: Delay = Danger! ⏰
- **Network Segmentation**: Isolate ISE from internet. 🛡️
- **SIEM Alerts**: Monitor for anomalous root commands. 🚨
- **Backup Before Upgrade**: Murphy's Law! 💾
- **Hunt for IOCs**: Check logs for API abuse. 🔍
---
File snapshot
[4.0K] /data/pocs/cc928677d3b402f5025f4366249e70397778ef21
├── [2.7K] CVE-2025-20337.yaml
└── [3.4K] README.md
1 directory, 2 files
Notes
1. It is recommended to access the PoC through the original source first.
2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.