CVE-2024-50343
CVSS 3.1 Score 3.1 of 10 (low)
Details
Summary
CVE-2024-20531 is a vulnerability affecting the API of Cisco ISE. It enables authenticated, remote attackers to read arbitrary files on the underlying operating system and perform Server-Side Request Forgery (SSRF) attacks if they possess valid Super Admin credentials. The root cause of this vulnerability is the inadequate handling of XML External Entity (XXE) entries during XML input parsing. An attacker can exploit it by crafting a malicious API request, which, if successful, could grant unauthorized file access or facilitate SSRF attacks on the affected device.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.