CVE-2024-20443
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-20443 is a vulnerability affecting the web-based management interface of Cisco ISE. This issue allows authenticated, remote attackers to execute cross-site scripting (XSS) attacks against users of the interface. The vulnerability arises due to insufficient input validation in the interface, enabling attackers to inject malicious code into certain pages. A successful exploit could result in the execution of arbitrary script code in the context of the affected interface or the accessing of sensitive browser-based information. To exploit this vulnerability, an attacker must have a low-privileged account on the targeted device.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco Identity Services Engine
Affected Vendors
- Cisco Systems Inc