CVE-2024-20515 — Vulnetix

CVE-2024-20515 PUBLISHED

Es existiert eine Schwachstelle in Cisco Identity Services Engine (ISE). Ein entfernter, authentisierter Angreifer mit "Read-Only Administrator" Berechtigung kann über die Web-basierte Managementoberfläche vertrauliche Konfigurationsdaten auslesen.

EPSS 0.15% · 35.8th percentile

Risk Scores

EPSS Score

0.15%

35.8th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Identity Services Engine (ISE) <3.2P7
Cisco	Cisco Identity Services Engine (ISE) <3.3P3
Cisco	Cisco Identity Services Engine (ISE) <3.1P9

Exploit Intelligence

CIRCL seen: CVE-2024-20515 (circl-sighting)
cisco-sa-ise-info-disc-ZYF2nEEX (circl)

Timeline

Oct 2, 2024 CVE Published
Oct 2, 2024 PoC Published
Oct 3, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 16, 2024 Coalition ESS Score
Oct 22, 2024 EPSS Score
Nov 10, 2024 EPSS Score
Nov 29, 2024 EPSS Score
Dec 19, 2024 EPSS Score
Jan 7, 2025 EPSS Score
Jan 26, 2025 EPSS Score
Feb 14, 2025 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3077.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3077 advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-ZYF2nEEX advisory

Open in Interactive Console →