CVE-2024-20537

Name of the Vulnerable Software and Affected Versions Cisco ISE (affected versions not specified)

Description The issue is related to a lack of server-side validation of Administrator permissions in the web-based management interface of Cisco ISE. This could allow an authenticated, remote attacker to bypass security restrictions and elevate their privileges by sending a specially crafted HTTP request. The attacker would need Read-Only Administrator credentials to exploit this issue.

Recommendations To resolve the issue, update to a version that includes the fix for this problem. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Restrict the use of Read-Only Administrator credentials until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.