VDB
CVE-2024-20476
CVE-2024-20476
PUBLISHED
Es besteht eine Schwachstelle in der Cisco Identity Services Engine (ISE). Dieser Fehler existiert in der webbasierten Verwaltungsschnittstelle aufgrund einer fehlenden serverseitigen Validierung der Administratorberechtigungen. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.
EPSS 0.03% · 10.1th percentile
Risk Scores
EPSS Score
0.03%
10.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Identity Services Engine (ISE) <3.2P7 | |
| Cisco | Cisco Identity Services Engine (ISE) <3.3P4 | |
| Cisco | Cisco Identity Services Engine (ISE) <3.1P10 |
Exploit Intelligence
- CIRCL seen: CVE-2024-20476 (circl-sighting)
- CIRCL seen: CVE-2024-20476 (circl-sighting)
- CIRCL seen: CVE-2024-20476 (circl-sighting)
- CIRCL seen: CVE-2024-20476 (circl-sighting)
- cisco-sa-ise-multi-vulns-AF544ED5 (circl)
Timeline
- Nov 6, 2024 Coalition ESS Score
- Nov 6, 2024 CVE Published
- Nov 6, 2024 PoC Published
- Nov 6, 2024 CVE Updated
- Nov 7, 2024 EPSS Score
- Nov 7, 2024 PoC Published
- Nov 7, 2024 PoC Published
- Nov 7, 2024 PoC Published
- Nov 25, 2024 EPSS Score
- Nov 29, 2024 Coalition ESS Score
- Dec 14, 2024 EPSS Score
- Jan 1, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3355.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3355 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5 advisory