Cisco ISE Authorization Bypass and Stored XSS Vulnerabilities (CVE-2024-20476/20487)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Cisco Identity Services Engine (ISE) Vulnerabilities - Vulnerability IDs: CVE-2024-20476, CVE-2024-20487 - Vulnerability Types: Authorization Bypass Vulnerability, Stored XSS Vulnerability - Affected Products: Cisco ISE 3.0 and earlier versions - Affected Scope: Cisco ISE web-based management interface 2. Impact: - Affected Scope: Cisco ISE 3.0 and earlier versions - Severity Level: Medium (CVSS Base Score: 4.3) 3. Exploitation: - Exploitation Method: By submitting malicious HTTP requests to the affected system, attackers can bypass authorization mechanisms with administrative privileges or execute cross-site scripting (XSS) attacks. - Exploitation Conditions: Requires valid administrator credentials with read access. 4. Remediation: - Patch Available: Cisco has released software updates to fix these vulnerabilities. - Workarounds: No workarounds are available. 5. Affected Products: - Affected Products: Cisco ISE 3.0 and earlier versions - Affected Component: Cisco ISE web-based management interface 6. Reference Links: - Vulnerability Details: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5 This information helps users understand the details of the vulnerability, the scope of affected products, and how to remediate the issues via software updates.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco ISE Authorization Bypass and Stored XSS Vulnerabilities (CVE-2024-20476/20487)