CVE-2024-20476

Name of the Vulnerable Software and Affected Versions Cisco ISE (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This is due to a lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system, potentially allowing them to upload files to restricted locations. The attacker would need valid Read-Only Administrator credentials to exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.