Lucene search

CiscoCVE-2024-20479

HistoryAug 07, 2024 - 5:15 p.m.

CVE-2024-20479

2024-08-0717:15:50

CWE-79

cisco

web.nvd.nist.gov

cisco

ise

web interface

xss

attack

remote

vulnerability

user input

management interface

exploit

malicious code

admin privileges

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

14.7%

JSON

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.

This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have Admin privileges on an affected device.

Affected configurations

Nvd

Vulners

Node

ciscoidentity_services_engineMatch2.7.0-

ciscoidentity_services_engineMatch2.7.0patch1

ciscoidentity_services_engineMatch2.7.0patch10

ciscoidentity_services_engineMatch2.7.0patch2

ciscoidentity_services_engineMatch2.7.0patch3

ciscoidentity_services_engineMatch2.7.0patch4

ciscoidentity_services_engineMatch2.7.0patch5

ciscoidentity_services_engineMatch2.7.0patch6

ciscoidentity_services_engineMatch2.7.0patch7

ciscoidentity_services_engineMatch2.7.0patch8

ciscoidentity_services_engineMatch2.7.0patch9

ciscoidentity_services_engineMatch3.0.0-

ciscoidentity_services_engineMatch3.0.0patch1

ciscoidentity_services_engineMatch3.0.0patch2

ciscoidentity_services_engineMatch3.0.0patch3

ciscoidentity_services_engineMatch3.0.0patch4

ciscoidentity_services_engineMatch3.0.0patch5

ciscoidentity_services_engineMatch3.0.0patch6

ciscoidentity_services_engineMatch3.0.0patch8

ciscoidentity_services_engineMatch3.1-

ciscoidentity_services_engineMatch3.1patch1

ciscoidentity_services_engineMatch3.1patch2

ciscoidentity_services_engineMatch3.1patch3

ciscoidentity_services_engineMatch3.1patch4

ciscoidentity_services_engineMatch3.1patch5

ciscoidentity_services_engineMatch3.1patch6

ciscoidentity_services_engineMatch3.1patch7

ciscoidentity_services_engineMatch3.1patch8

ciscoidentity_services_engineMatch3.2-

ciscoidentity_services_engineMatch3.2patch1

ciscoidentity_services_engineMatch3.2patch2

ciscoidentity_services_engineMatch3.2patch3

ciscoidentity_services_engineMatch3.2patch4

ciscoidentity_services_engineMatch3.2patch5

ciscoidentity_services_engineMatch3.2patch6

ciscoidentity_services_engineMatch3.3-

ciscoidentity_services_engineMatch3.3patch1

ciscoidentity_services_engineMatch3.3patch2

VendorProductVersionCPE
ciscoidentity_services_engine2.7.0cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*
ciscoidentity_services_engine2.7.0cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*
ciscoidentity_services_engine2.7.0cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch10:*:*:*:*:*:*
ciscoidentity_services_engine2.7.0cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*
ciscoidentity_services_engine2.7.0cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*
ciscoidentity_services_engine2.7.0cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*
ciscoidentity_services_engine2.7.0cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5:*:*:*:*:*:*
ciscoidentity_services_engine2.7.0cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6:*:*:*:*:*:*
ciscoidentity_services_engine2.7.0cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch7:*:*:*:*:*:*
ciscoidentity_services_engine2.7.0cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch8:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine	2.7.0	cpe:2.3:a:cisco:identity_services_engine:2.7.0:-::::::
cisco	identity_services_engine	2.7.0	cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1::::::
cisco	identity_services_engine	2.7.0	cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch10::::::
cisco	identity_services_engine	2.7.0	cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2::::::
cisco	identity_services_engine	2.7.0	cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3::::::
cisco	identity_services_engine	2.7.0	cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4::::::
cisco	identity_services_engine	2.7.0	cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5::::::
cisco	identity_services_engine	2.7.0	cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6::::::
cisco	identity_services_engine	2.7.0	cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch7::::::
cisco	identity_services_engine	2.7.0	cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch8::::::

Rows per page:

1-10 of 381

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Identity Services Engine Software",
    "versions": [
      {
        "version": "2.7.0",
        "status": "affected"
      },
      {
        "version": "2.7.0 p1",
        "status": "affected"
      },
      {
        "version": "2.7.0 p2",
        "status": "affected"
      },
      {
        "version": "2.7.0 p3",
        "status": "affected"
      },
      {
        "version": "2.7.0 p4",
        "status": "affected"
      },
      {
        "version": "2.7.0 p5",
        "status": "affected"
      },
      {
        "version": "2.7.0 p6",
        "status": "affected"
      },
      {
        "version": "2.7.0 p7",
        "status": "affected"
      },
      {
        "version": "2.7.0 p8",
        "status": "affected"
      },
      {
        "version": "2.7.0 p9",
        "status": "affected"
      },
      {
        "version": "2.7.0 p10",
        "status": "affected"
      },
      {
        "version": "3.0.0",
        "status": "affected"
      },
      {
        "version": "3.0.0 p1",
        "status": "affected"
      },
      {
        "version": "3.0.0 p2",
        "status": "affected"
      },
      {
        "version": "3.0.0 p3",
        "status": "affected"
      },
      {
        "version": "3.0.0 p4",
        "status": "affected"
      },
      {
        "version": "3.0.0 p5",
        "status": "affected"
      },
      {
        "version": "3.0.0 p6",
        "status": "affected"
      },
      {
        "version": "3.0.0 p7",
        "status": "affected"
      },
      {
        "version": "3.0.0 p8",
        "status": "affected"
      },
      {
        "version": "3.1.0",
        "status": "affected"
      },
      {
        "version": "3.1.0 p1",
        "status": "affected"
      },
      {
        "version": "3.1.0 p3",
        "status": "affected"
      },
      {
        "version": "3.1.0 p2",
        "status": "affected"
      },
      {
        "version": "3.1.0 p4",
        "status": "affected"
      },
      {
        "version": "3.1.0 p5",
        "status": "affected"
      },
      {
        "version": "3.1.0 p6",
        "status": "affected"
      },
      {
        "version": "3.1.0 p7",
        "status": "affected"
      },
      {
        "version": "3.1.0 p8",
        "status": "affected"
      },
      {
        "version": "3.2.0",
        "status": "affected"
      },
      {
        "version": "3.2.0 p1",
        "status": "affected"
      },
      {
        "version": "3.2.0 p2",
        "status": "affected"
      },
      {
        "version": "3.2.0 p3",
        "status": "affected"
      },
      {
        "version": "3.2.0 p4",
        "status": "affected"
      },
      {
        "version": "3.2.0 p5",
        "status": "affected"
      },
      {
        "version": "3.2.0 p6",
        "status": "affected"
      },
      {
        "version": "3.3.0",
        "status": "affected"
      },
      {
        "version": "3.3 Patch 2",
        "status": "affected"
      },
      {
        "version": "3.3 Patch 1",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-V2bm9JCY