CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20417

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.4%

CVSS Severity

CVSS v3 Score 6.5

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rest-5bPKrNtZ

Products affected by CVE-2024-20417

Cisco » Identity Services Engine » Version: 3.1

cpe:2.3:a:cisco:identity_services_engine:3.1
Cisco » Identity Services Engine » Version: 3.1.0

cpe:2.3:a:cisco:identity_services_engine:3.1.0
Cisco » Identity Services Engine » Version: 3.2.0

cpe:2.3:a:cisco:identity_services_engine:3.2.0
Cisco » Identity Services Engine » Version: 3.3.0

cpe:2.3:a:cisco:identity_services_engine:3.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20417

Products

Pricing

Contact Us