CVE-2024-20417
PUBLISHED
A vulnerability exists in Cisco Identity Services Engine (ISE). The flaw affects the REST API and stems from insufficient validation of user-supplied input, which allows a blind SQL injection attack. A remote, authenticated attacker can exploit this vulnerability by sending specially crafted input to the affected device, which can disclose confidential information and allow data to be manipulated.
Risk Scores
EPSS Score
0.19%
40.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Identity Services Engine (ISE) | 3.3 |
| Cisco | Cisco Identity Services Engine (ISE) | <3.2P5 |
| Cisco | Cisco Identity Services Engine (ISE) | <3.2P7 |
| Cisco | Cisco Identity Services Engine (ISE) | <3.1P9 |
Exploit Intelligence
- CIRCL seen: CVE-2024-20417 (circl-sighting)
- cisco-sa-ise-rest-5bPKrNtZ (circl)
Timeline
- Aug 21, 2024 CVE Published
- Aug 21, 2024 PoC Published
- Aug 22, 2024 EPSS Score
- Aug 27, 2024 CVE Updated
- Sep 12, 2024 EPSS Score
- Oct 2, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 23, 2024 EPSS Score
- Nov 12, 2024 EPSS Score
- Dec 4, 2024 EPSS Score
- Dec 24, 2024 EPSS Score
- Jan 14, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1902.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1902 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-y4ZUz5Rj advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-vdF8Jbyk advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rest-5bPKrNtZ advisory