A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface on an affected system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
History

Wed, 20 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco identity Services Engine
CPEs cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch8:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*
Vendors & Products Cisco
Cisco identity Services Engine

Wed, 06 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface on an affected system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Title Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-11-06T16:31:55.462Z

Updated: 2024-11-06T16:58:58.730Z

Reserved: 2023-11-08T15:08:07.693Z

Link: CVE-2024-20538

cve-icon Vulnrichment

Updated: 2024-11-06T16:58:54.691Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-06T17:15:19.563

Modified: 2024-11-20T14:36:01.810

Link: CVE-2024-20538

cve-icon Redhat

No data.