CVE-2024-20417

Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabities

Description

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device.

INFO

Published Date :

2024-08-21T19:16:43.196Z

Last Modified :

2024-08-27T13:43:25.274Z

Source :

cisco

AFFECTED PRODUCTS

The following products are affected by CVE-2024-20417 vulnerability.

Vendors	Products
Cisco	Identity Services Engine Identity Services Engine Software

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20417.

URL	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rest-5bPKrNtZ

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact