CVE-2024-20537

Summary

CVE-2024-20537 is a vulnerability affecting the web-based management interface of Cisco ISE. This issue permits authenticated, remote attackers to bypass authorization mechanisms for specific administrative functions. The root cause is insufficient server-side validation of Administrator permissions. Attackers could exploit the vulnerability by submitting a specially crafted HTTP request to an affected system. Successful exploitation allows an attacker to perform administrative functions beyond their intended access level, requiring only Read-Only Administrator credentials.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.