Overview
- Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device.
- Source: ykramarz@cisco.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 5.5
- Impact score: 2.7
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
- Severity: MEDIUM
Weaknesses
- ykramarz@cisco.com: CWE-611
Social media
- Hype score: Not currently trending
CVE-2024-20531 XML External Entity Vulnerability in Cisco ISE Enabling SSRF Attacks A flaw in the API of Cisco ISE lets a remote attacker with Super Admin access read any files on the device's operating system an... https://t.co/7Xy3hBanXz
@VulmonFeeds
6 Nov 2024
CVE-2024-20531 A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device… https://t.co/Lk2BcLn7Be
@CVEnew
6 Nov 2024