CVE-2024-20476Client-Side Enforcement of Server-Side Security in Cisco Identity Services Engine

CWE-602Client-Side Enforcement of Server-Side SecurityCWE-79Cross-site Scripting4 documents4 sources
Severity
4.9MEDIUMNVD
CNA4.3
EPSS
0.0%
top 90.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Identity Services EngineCisco Identity Services Engine Software
Timeline
PublishedNov 6

Description

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload files to a location that should be restricted. To exploi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Cisco Identity Services Engine Authorization Bypass Vulnerability2024-11-06
GHSA
GHSA-8xq5-r7g5-m3f8: A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanism2024-11-06

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Vulnerabilities2024-11-06
CVE-2024-20476 — Cisco vulnerability | cvebase