VDB
CVE-2024-20469
CVE-2024-20469
PUBLISHED
Es besteht eine Schwachstelle in der Cisco Identity Services Engine (ISE). Dieser Fehler entsteht wegen einer unzureichenden Validierung der vom Benutzer bereitgestellten Eingaben. Durch die Übermittlung eines manipulierten CLI-Befehls kann ein lokaler Angreifer mit Administratorrechten diese Schwachstelle ausnutzen, um seine Privilegien zu root zu erweitern.
EPSS 0.12% · 30.7th percentile
Risk Scores
EPSS Score
0.12%
30.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Identity Services Engine (ISE) <3.4 | |
| Cisco | Cisco Identity Services Engine (ISE) <3.2P7 | |
| Cisco | Cisco Identity Services Engine (ISE) <3.3P4 |
Exploit Intelligence
- CIRCL seen: CVE-2024-20469 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-20469 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-20469 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-20469 (circl-sighting)
- CIRCL seen: CVE-2024-20469 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-20469 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-20469 (circl-sighting)
- cisco-sa-ise-injection-6kn9tSxm (circl)
Timeline
- Sep 4, 2024 CVE Published
- Sep 4, 2024 PoC Published
- Sep 5, 2024 EPSS Score
- Sep 5, 2024 PoC Published
- Sep 5, 2024 PoC Published
- Sep 5, 2024 PoC Published
- Sep 6, 2024 PoC Published
- Sep 6, 2024 PoC Published
- Sep 8, 2024 PoC Published
- Sep 25, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 15, 2024 EPSS Score