PT-2024-1860 · Cisco · Cisco Unified Intelligence Center
Published
2024-02-21
·
Updated
2025-05-06
·
CVE-2024-20325
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Intelligence Center (affected versions not specified)
Description
A vulnerability in the Live Data server could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This issue is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device, potentially allowing them to read and modify data handled by an internal service.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Unified Intelligence Center