CVE-2024-20251

Summary

CVE-2024-20251 is a newly discovered vulnerability affecting the web-based management interface of Cisco Identity Services Engine (ISE). This issue permits authenticated, remote attackers to execute stored cross-site scripting (XSS) attacks against users of the interface on vulnerable devices. The root cause of this vulnerability lies in the interface's inability to properly validate user-supplied input. An adversary can exploit this weakness by injecting malicious code into certain pages of the interface. A successful exploit may lead to the execution of arbitrary script code in the context of the affected interface or the unauthorized access of sensitive browser-based information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.