CVE-2024-20537

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 6, 2024
CWE ID 863

Summary

CVE-2024-20537 is a vulnerability in the web-based management interface of Cisco ISE that enables authenticated, remote attackers to bypass authorization mechanisms for certain administrative functions. This issue arises due to insufficient server-side validation of Administrator permissions. An adversary could exploit this flaw by crafting and submitting malicious HTTP requests. A successful exploitation could grant the attacker unrestricted access to administrative functions, surpassing their intended level of access. To leverage this vulnerability, an attacker would require Read-Only Administrator credentials.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Cisco Identity Services Engine

Affected Vendors

  • Cisco Systems Inc