Alert Issued by CISA Regarding Uncovered Critical Flaws in Cisco's Identity Services Engine
In a recent update, the US Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on July 28. Two of these vulnerabilities affect the Cisco Identity Services Engine (ISE) Software, a network security policy management platform, while the third affects PaperCut Next Generation (NG) and Multi-Function (MF), print management software solutions.
The two highly critical vulnerabilities in Cisco ISE, tracked as CVE-2025-20281 and CVE-2025-20337, were discovered by security researchers working with the Trend Micro Zero Day Initiative. Both stem from insufficient validation of user-supplied input in a specific API of Cisco ISE and Cisco ISE Passive Identity Connector (ISE-PIC). By submitting a crafted API request, an unauthenticated, remote attacker can exploit either vulnerability to execute arbitrary code on the underlying operating system as root.
CVE-2025-20281 affects Cisco ISE versions 3.3.0, 3.3 Patch 1, 3.3 Patch 2, 3.3 Patch 3, 3.3 Patch 4, 3.3 Patch 5, 3.3 Patch 6, 3.4.0, and 3.4 Patch 1. CVE-2025-20337 also affects Cisco ISE-PIC versions 3.1.0, 3.2.0, 3.3.0, and 3.4.0.
The third vulnerability added to CISA's KEV list on July 28, CVE-2023-2533, is a high-severity cross-site request forgery (CSRF) vulnerability. This vulnerability affects PaperCut Next Generation (NG) and Multi-Function (MF), which are designed to help organizations control, monitor, and optimize printing, copying, scanning, and faxing across their networks.
Cisco has released patches for each affected version of Cisco ISE and Cisco ISE-PIC. No workaround is available besides applying the patches for these vulnerabilities. Cisco Product Security Incident Response Team (PSIRT) has reported attempted exploitation of both vulnerabilities in the wild.
CISA has set August 18 as the deadline for remediation, requiring organizations to address these critical security vulnerabilities within the next three weeks.
In conclusion, it is crucial for organizations using Cisco ISE, Cisco ISE-PIC, PaperCut Next Generation, or Multi-Function to update their systems to the latest patched versions to mitigate these critical security vulnerabilities.