CVE-2024-20525
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-20525 is a newly disclosed vulnerability affecting the web-based management interface of Cisco Identity Services Engine (ISE). This issue permits an unauthenticated, remote attacker to execute Cross-Site Scripting (XSS) attacks against users of the interface. The vulnerability stems from the interface's failure to adequately validate user-supplied input. An attacker can exploit this flaw by crafting a malicious link, which, if clicked by an unsuspecting user, could allow the attacker to inject and execute arbitrary script code within the affected interface or access sensitive data.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco Identity Services Engine
Affected Vendors
- Cisco Systems Inc