Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20537


A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to conduct administrative functions beyond their intended access level. To exploit this vulnerability, an attacker would need Read-Only Administrator credentials.


Published

2024-11-06T17:15:19.350

Last Modified

2024-11-22T19:53:29.893

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-863

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.1.0 Yes
Application cisco identity_services_engine 3.1.0 Yes
Application cisco identity_services_engine 3.1.0 Yes
Application cisco identity_services_engine 3.1.0 Yes
Application cisco identity_services_engine 3.1.0 Yes
Application cisco identity_services_engine 3.1.0 Yes
Application cisco identity_services_engine 3.1.0 Yes
Application cisco identity_services_engine 3.1.0 Yes
Application cisco identity_services_engine 3.1.0 Yes
Application cisco identity_services_engine 3.1.0 Yes
Application cisco identity_services_engine 3.2.0 Yes
Application cisco identity_services_engine 3.2.0 Yes
Application cisco identity_services_engine 3.2.0 Yes
Application cisco identity_services_engine 3.2.0 Yes
Application cisco identity_services_engine 3.2.0 Yes
Application cisco identity_services_engine 3.2.0 Yes
Application cisco identity_services_engine 3.2.0 Yes
Application cisco identity_services_engine 3.3.0 Yes
Application cisco identity_services_engine 3.3.0 Yes
Application cisco identity_services_engine 3.3.0 Yes

References