CVE-2024-50343

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Nov 6, 2024
Updated: Nov 8, 2024
CWE ID 20

Summary

CVE-2024-20531 is a vulnerability affecting the API of Cisco ISE. It enables authenticated, remote attackers to read arbitrary files on the underlying operating system and perform Server-Side Request Forgery (SSRF) attacks if they possess valid Super Admin credentials. The root cause of this vulnerability is the inadequate handling of XML External Entity (XXE) entries during XML input parsing. An attacker can exploit it by crafting a malicious API request, which, if successful, could grant unauthorized file access or facilitate SSRF attacks on the affected device.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share