Today > | 4 High | 23 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-20466

Sept. 11, 2024, 4:15 p.m.

CVSS Score

6.5 / 10

Product(s) Impacted

Cisco Identity Services Engine (ISE)

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.

Weaknesses

CWE-266
Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CWE ID: 266

Date

Published: Aug. 21, 2024, 8:15 p.m.

Last Modified: Sept. 11, 2024, 4:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

ykramarz@cisco.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score
6.5
Exploitability Score
2.8
Impact Score
3.6
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References