CVE-2024-20417

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rest-5bPKrNtZ

Configurations

No configuration.

History

22 Aug 2024, 12:48

Type	Values Removed	Values Added
Summary		(es) Múltiples vulnerabilidades en la API REST de Cisco Identity Services Engine (ISE) podrían permitir que un atacante remoto autenticado realice ataques de inyección SQL ciegos. Estas vulnerabilidades se deben a una validación insuficiente de la entrada proporcionada por el usuario en las llamadas a la API REST. Un atacante podría aprovechar estas vulnerabilidades enviando datos manipulados a un dispositivo afectado. Un exploit exitoso podría permitir al atacante ver o modificar datos en el dispositivo afectado.

21 Aug 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-21 20:15

Updated : 2024-08-22 12:48

NVD link : CVE-2024-20417

Mitre link : CVE-2024-20417

CVE.ORG link : CVE-2024-20417

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

6.5 /10