A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials on an affected device.
History

Fri, 22 Nov 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco identity Services Engine
CPEs cpe:2.3:a:cisco:identity_services_engine:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch8:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*
Vendors & Products Cisco
Cisco identity Services Engine

Wed, 06 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials on an affected device.
Title Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-11-06T16:32:04.314Z

Updated: 2024-11-06T16:58:37.578Z

Reserved: 2023-11-08T15:08:07.693Z

Link: CVE-2024-20539

cve-icon Vulnrichment

Updated: 2024-11-06T16:58:33.306Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-06T17:15:19.767

Modified: 2024-11-22T19:42:09.633

Link: CVE-2024-20539

cve-icon Redhat

No data.