PT-2024-3822 · Cisco · Cisco Identity Services Engine

Pear1Y · Published 2024-04-03 · Updated 2025-09-30 · CVE-2024-20332

CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Cisco Identity Services Engine (ISE) (affected versions not specified)

Description

The issue is related to improper input validation for specific HTTP requests in the web-based management interface, allowing an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. An attacker could exploit this by sending a crafted HTTP request to an affected device, potentially allowing them to send arbitrary network requests sourced from the affected device. The attacker would need valid Super Admin credentials to successfully exploit this vulnerability.

Recommendations

To resolve the issue, update the Cisco Identity Services Engine (ISE) to a version that includes the fix for the improper input validation vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-04198
CVE-2024-20332

Affected Products

Cisco Identity Services Engine