CVE-2024-20529

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 6, 2024

CWE ID 22

Summary

CVE-2024-20529 is a vulnerability affecting the API of Cisco ISE. This issue allows authenticated, remote attackers with valid Super Admin credentials to read and delete arbitrary files on an impacted device. The vulnerability arises from insufficient validation of user-supplied parameters in API requests. An attacker can exploit this flaw by sending a specially crafted API request, potentially leading to unintended file manipulation on the underlying operating system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco Identity Services Engine

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0RacBw
https://www.cve.org/CVERecord?id=CVE-2024-20529
https://nvd.nist.gov/vuln/detail/CVE-2024-20529

Back to Vulnerability Database