← volver
CVE-2024-20417

Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabities

CVSS 6.5 MEDIUMEPSS 0.5%CWE-89
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 ago 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N