CVE-2024-20469

CVSS 3.1 Score 6.0 of 10 (medium)

Details

Published Sep 4, 2024
Updated: Sep 5, 2024
CWE ID 78

Summary

CVE-2024-20469 is a vulnerability affecting Cisco Identity Services Engine (ISE) that allows authenticated local attackers to conduct command injection attacks, potentially escalating privileges to root. This issue arises from inadequate validation of user-supplied input in certain CLI commands, enabling attackers with valid Administrator privileges to exploit the vulnerability by submitting specially crafted commands. The potential ramifications include significant impacts on the confidentiality and integrity of the affected system. To remediate this vulnerability, organizations should apply any available patches from Cisco as outlined in their security advisory. The CVSS base score for this vulnerability is 6.0, indicating a medium severity level with high integrity and confidentiality impacts.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share