CVE-2024-20539

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 6, 2024

CWE ID 79

Summary

CVE-2024-20539 is a stored XSS vulnerability in the web-based management interface of Cisco ISE. This issue stems from insufficient input validation, enabling authenticated, remote attackers to inject malicious code into the interface. Successful exploitation could allow an attacker to execute arbitrary script code or access sensitive browser-based information. To take advantage of this weakness, an attacker must possess valid administrative credentials on an affected device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco Identity Services Engine

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0Rawr9
https://www.cve.org/CVERecord?id=CVE-2024-20539
https://nvd.nist.gov/vuln/detail/CVE-2024-20539

Back to Vulnerability Database