CVE-2024-20417
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-20417 covers multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) that allow an authenticated, remote attacker to perform blind SQL injection attacks because user-supplied input is not adequately validated. Affected products include various models within the Cisco ISE family. An attacker could exploit these vulnerabilities by sending specially crafted input. Successful exploitation could lead to unauthorized access to, and modification of, data on the affected devices. The issue is rated medium severity, with high impact on confidentiality and integrity. Exploitation requires high privileges but no user interaction, making the vulnerabilities particularly concerning for network security. To remediate this issue, organizations should apply the security patches and updates provided by Cisco.