CVE-2024-20251
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-20251 is a newly discovered vulnerability affecting the web-based management interface of Cisco Identity Services Engine (ISE). This issue permits authenticated, remote attackers to execute stored cross-site scripting (XSS) attacks against users of the interface on vulnerable devices. The root cause of this vulnerability lies in the interface's inability to properly validate user-supplied input. An adversary can exploit this weakness by injecting malicious code into certain pages of the interface. A successful exploit may lead to the execution of arbitrary script code in the context of the affected interface or the unauthorized access of sensitive browser-based information.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco Identity Services Engine
Affected Vendors
- Cisco Systems Inc
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions