CVE-2024-20537
PUBLISHED
A vulnerability exists in Cisco Identity Services Engine (ISE). The flaw is in the web-based management interface and is caused by missing server-side validation of administrator permissions. By submitting a crafted HTTP request, a remote authenticated attacker can exploit this vulnerability to bypass security measures and perform administrative functions.
Risk Scores
- EPSS Score: 0.04% (12.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Identity Services Engine (ISE) | <3.1P10 |
| Cisco | Cisco Identity Services Engine (ISE) | <3.3P4 |
| Cisco | Cisco Identity Services Engine (ISE) | <3.2P7 |
Exploit Intelligence
- CIRCL seen: CVE-2024-20537 (circl-sighting)
- cisco-sa-ise-auth-bypass-BBRf7mkE (circl)
Timeline
- Nov 6, 2024 Coalition ESS Score
- Nov 6, 2024 CVE Published
- Nov 6, 2024 CVE Updated
- Nov 6, 2024 PoC Published
- Nov 7, 2024 EPSS Score
- Nov 7, 2024 PoC Published
- Nov 25, 2024 EPSS Score
- Nov 29, 2024 Coalition ESS Score
- Dec 14, 2024 EPSS Score
- Jan 1, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3355.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3355 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5 advisory