{"id":10451,"date":"2025-07-23T12:33:46","date_gmt":"2025-07-23T05:33:46","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10451"},"modified":"2026-02-05T12:33:53","modified_gmt":"2026-02-05T05:33:53","slug":"cisco-giong-chuong-bao-dong-lo-hong-ise-cho-phep-truy-cap-root-khong-xac-thuc","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/07\/23\/cisco-giong-chuong-bao-dong-lo-hong-ise-cho-phep-truy-cap-root-khong-xac-thuc\/","title":{"rendered":"Cisco sounds the alarm: ISE vulnerabilities allow unauthenticated root access"},"content":{"rendered":"<p><b>In late summer 2025, the cybersecurity community is once again witnessing a new wave of attacks aimed squarely at the \u201cheart\u201d of enterprise network access control. Cisco has just confirmed that critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) platforms are being exploited in the wild.<\/b><\/p>\n<p>According to experts, several security vulnerabilities in ISE have been targeted and attacked by hackers since July 2025. 
Although neither the specific hacker group carrying out the attacks nor the scope of impact has been disclosed, the severity of the vulnerabilities has drawn particular attention from the global security community.<\/p>\n<div style=\"text-align: center\">\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1753251189698.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1753251189698-png.17356\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img fetchpriority=\"high\" decoding=\"async\" class=\"bbImage\" title=\"1753251189698.png\" src=\"https:\/\/whitehat.vn\/attachments\/1753251189698-png.17356\/\" alt=\"1753251189698.png\" width=\"728\" height=\"380\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<h3>The &#8220;victim&#8221; is ISE<\/h3>\n<p>Cisco ISE plays a key role in controlling which users and devices are allowed to access the enterprise internal network. 
Once compromised, this system can turn from a management tool into a wide-open gate that leads attackers deep into the internal network without any authentication step.<\/p>\n<p>The three critical vulnerabilities (CVSS 10.0) identified are:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">CVE-2025-20281 and CVE-2025-20337: Caused by insufficient input validation in a specific API, allowing an unauthenticated remote attacker to execute malicious code with root privileges.<\/li>\n<li data-xf-list-type=\"ul\">CVE-2025-20282: Allows malicious files to be uploaded to privileged directories on the operating system and executed, due to missing checks on files uploaded through an internal API.<\/li>\n<\/ul>\n<p>A single carefully crafted API request or a malicious file uploaded in the right way is enough for an attacker to take full control of the system. 
This is especially dangerous because no login and no authentication are required; the system only needs to be missing the patch.<\/p>\n<h3>Enterprises need to act now<\/h3>\n<p>Given the active exploitation, Cisco urges all customers to:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Upgrade immediately to a patched software release<\/li>\n<li data-xf-list-type=\"ul\">Review system logs for anomalous activity related to the API or unauthorized file uploads, especially in ISE deployments exposed to the internet<\/li>\n<\/ul>\n<p>Delaying the update can expose an enterprise to the risk of losing full control of its network infrastructure, a particularly serious threat in environments that must comply with strict security regulations.<\/p>\n<div style=\"text-align: right\"><b><i>According to The Hacker News<\/i><\/b><\/div>\n<div style=\"text-align: right;margin-top: 16px\"><i>Source: <a href=\"https:\/\/whitehat.vn\/threads\/cisco-giong-chuong-bao-dong-lo-hong-ise-cho-phep-truy-cap-root-khong-xac-thuc.18593\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/whitehat.vn\/threads\/cisco-giong-chuong-bao-dong-lo-hong-ise-cho-phep-truy-cap-root-khong-xac-thuc.18593\/<\/a><\/i><\/div>\n","protected":false},"excerpt":{"rendered":"<p>In late summer 2025, the cybersecurity community 
is once again witnessing a new wave of attacks aimed squarely at the \u201cheart\u201d of enterprise network access control. Cisco has just confirmed that critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector [&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10451","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10451"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10451\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}