CVE-2024-20525

🗓️ 06 Nov 2024 16:30:13Reported by ciscoType

A vulnerability in Cisco ISE's web management interface allows remote unauthenticated attackers to conduct XSS attacks by exploiting input validation

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to carry out cross-site scripting attacks.	3 Mar 202500:00	–	bdu_fstec
Circl	CVE-2024-20525	6 Nov 202419:10	–	circl
Cisco	Cisco Identity Services Engine Vulnerabilities	6 Nov 202416:00	–	cisco
Tenable Nessus	Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-multi-vuln-DBQdWRy)	7 Feb 202500:00	–	nessus
CNNVD	Cisco Identity Services Engine 跨站脚本漏洞	6 Nov 202400:00	–	cnnvd
CNVD	Cisco Identity Services Engine Web Interface Cross-Site Scripting Vulnerability (CNVD-2024-45297)	11 Nov 202400:00	–	cnvd
Cvelist	CVE-2024-20525 Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability	6 Nov 202416:30	–	cvelist
EUVD	EUVD-2024-18240	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Cisco Identity Services Engine	7 Nov 202408:55	–	ncsc
NVD	CVE-2024-20525	6 Nov 202417:15	–	nvd

NVD

Vulners

Node

cisco identity_services_engineMatch3.0.0-

cisco identity_services_engineMatch3.0.0patch1

cisco identity_services_engineMatch3.0.0patch2

cisco identity_services_engineMatch3.0.0patch3

cisco identity_services_engineMatch3.0.0patch4

cisco identity_services_engineMatch3.0.0patch5

cisco identity_services_engineMatch3.0.0patch6

cisco identity_services_engineMatch3.0.0patch7

cisco identity_services_engineMatch3.0.0patch8

cisco identity_services_engineMatch3.1.0-

cisco identity_services_engineMatch3.1.0patch1

cisco identity_services_engineMatch3.1.0patch2

cisco identity_services_engineMatch3.1.0patch3

cisco identity_services_engineMatch3.1.0patch4

cisco identity_services_engineMatch3.1.0patch5

cisco identity_services_engineMatch3.1.0patch6

cisco identity_services_engineMatch3.1.0patch7

cisco identity_services_engineMatch3.1.0patch8

cisco identity_services_engineMatch3.1.0patch9

cisco identity_services_engineMatch3.2.0-

cisco identity_services_engineMatch3.2.0patch1

cisco identity_services_engineMatch3.2.0patch2

cisco identity_services_engineMatch3.2.0patch3

cisco identity_services_engineMatch3.2.0patch4

cisco identity_services_engineMatch3.2.0patch5

cisco identity_services_engineMatch3.2.0patch6

cisco identity_services_engineMatch3.3.0-

cisco identity_services_engineMatch3.3.0patch1

cisco identity_services_engineMatch3.3.0patch2

cisco identity_services_engineMatch3.3.0patch3

cisco identity_services_engineMatch3.4.0-

[
  {
    "vendor": "Cisco",
    "product": "Cisco Identity Services Engine Software",
    "versions": [
      {
        "version": "3.0.0",
        "status": "affected"
      },
      {
        "version": "3.0.0 p1",
        "status": "affected"
      },
      {
        "version": "3.0.0 p2",
        "status": "affected"
      },
      {
        "version": "3.0.0 p3",
        "status": "affected"
      },
      {
        "version": "3.1.0",
        "status": "affected"
      },
      {
        "version": "3.0.0 p4",
        "status": "affected"
      },
      {
        "version": "3.1.0 p1",
        "status": "affected"
      },
      {
        "version": "3.0.0 p5",
        "status": "affected"
      },
      {
        "version": "3.1.0 p3",
        "status": "affected"
      },
      {
        "version": "3.1.0 p2",
        "status": "affected"
      },
      {
        "version": "3.0.0 p6",
        "status": "affected"
      },
      {
        "version": "3.2.0",
        "status": "affected"
      },
      {
        "version": "3.1.0 p4",
        "status": "affected"
      },
      {
        "version": "3.1.0 p5",
        "status": "affected"
      },
      {
        "version": "3.2.0 p1",
        "status": "affected"
      },
      {
        "version": "3.0.0 p7",
        "status": "affected"
      },
      {
        "version": "3.1.0 p6",
        "status": "affected"
      },
      {
        "version": "3.2.0 p2",
        "status": "affected"
      },
      {
        "version": "3.1.0 p7",
        "status": "affected"
      },
      {
        "version": "3.3.0",
        "status": "affected"
      },
      {
        "version": "3.2.0 p3",
        "status": "affected"
      },
      {
        "version": "3.0.0 p8",
        "status": "affected"
      },
      {
        "version": "3.2.0 p4",
        "status": "affected"
      },
      {
        "version": "3.1.0 p8",
        "status": "affected"
      },
      {
        "version": "3.2.0 p5",
        "status": "affected"
      },
      {
        "version": "3.2.0 p6",
        "status": "affected"
      },
      {
        "version": "3.1.0 p9",
        "status": "affected"
      },
      {
        "version": "3.3 Patch 2",
        "status": "affected"
      },
      {
        "version": "3.3 Patch 1",
        "status": "affected"
      },
      {
        "version": "3.3 Patch 3",
        "status": "affected"
      },
      {
        "version": "3.4.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy

17 Jun 2026 07:07Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.1

EPSS0.00307

CWE-79