Lucene search

CiscoCVE-2024-20251

HistoryJan 17, 2024 - 5:15 p.m.

CVE-2024-20251

2024-01-1717:15:11

CWE-79

cisco

web.nvd.nist.gov

cve-2024-20251

cisco identity services engine

web-based management interface

stored cross-site scripting

authentication

remote attacker

input validation

malicious code

arbitrary script code

sensitive information

nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Affected configurations

Nvd

Vulners

Node

ciscoidentity_services_engineMatch1.0

ciscoidentity_services_engineMatch1.0.4

ciscoidentity_services_engineMatch1.1

ciscoidentity_services_engineMatch1.1.1

ciscoidentity_services_engineMatch1.1.2

ciscoidentity_services_engineMatch1.1.3

ciscoidentity_services_engineMatch1.1.4

ciscoidentity_services_engineMatch1.2

ciscoidentity_services_engineMatch1.2\(1.199\)

ciscoidentity_services_engineMatch1.2.1

ciscoidentity_services_engineMatch1.3

ciscoidentity_services_engineMatch1.3\(0.722\)

ciscoidentity_services_engineMatch1.3\(0.876\)

ciscoidentity_services_engineMatch1.3\(0.909\)

ciscoidentity_services_engineMatch1.3\(106.146\)

ciscoidentity_services_engineMatch1.3\(120.135\)

ciscoidentity_services_engineMatch1.4

ciscoidentity_services_engineMatch1.4\(0.109\)

ciscoidentity_services_engineMatch1.4\(0.181\)

ciscoidentity_services_engineMatch1.4\(0.253\)

ciscoidentity_services_engineMatch1.4\(0.908\)

ciscoidentity_services_engineMatch2.0

ciscoidentity_services_engineMatch2.0\(0.147\)

ciscoidentity_services_engineMatch2.0\(0.169\)

ciscoidentity_services_engineMatch2.0\(0.222\)

ciscoidentity_services_engineMatch2.0\(0.234\)

ciscoidentity_services_engineMatch2.0\(0.249\)

ciscoidentity_services_engineMatch2.0\(0.306\)

ciscoidentity_services_engineMatch2.0\(1.130\)

ciscoidentity_services_engineMatch2.0.1

ciscoidentity_services_engineMatch2.1

ciscoidentity_services_engineMatch2.1\(0.474\)

ciscoidentity_services_engineMatch2.1\(0.476\)

ciscoidentity_services_engineMatch2.1\(0.800\)

ciscoidentity_services_engineMatch2.1\(0.904\)

ciscoidentity_services_engineMatch2.1\(0.907\)

ciscoidentity_services_engineMatch2.1\(102.101\)

ciscoidentity_services_engineMatch2.1\(102.103\)

ciscoidentity_services_engineMatch2.2

ciscoidentity_services_engineMatch2.2\(0.283\)

ciscoidentity_services_engineMatch2.2\(0.470\)

ciscoidentity_services_engineMatch2.2\(0.471\)

ciscoidentity_services_engineMatch2.2\(0.903\)

ciscoidentity_services_engineMatch2.2\(0.909\)

ciscoidentity_services_engineMatch2.2\(0.910\)

ciscoidentity_services_engineMatch2.2\(1.145\)

ciscoidentity_services_engineMatch2.2.0-

ciscoidentity_services_engineMatch2.2.0patch1

ciscoidentity_services_engineMatch2.2.0patch10

ciscoidentity_services_engineMatch2.2.0patch12

ciscoidentity_services_engineMatch2.2.0patch13

ciscoidentity_services_engineMatch2.2.0patch14

ciscoidentity_services_engineMatch2.2.0patch15

ciscoidentity_services_engineMatch2.2.0patch16

ciscoidentity_services_engineMatch2.2.0patch17

ciscoidentity_services_engineMatch2.2.0patch2

ciscoidentity_services_engineMatch2.2.0patch3

ciscoidentity_services_engineMatch2.2.0patch4

ciscoidentity_services_engineMatch2.2.0patch5

ciscoidentity_services_engineMatch2.2.0patch6

ciscoidentity_services_engineMatch2.2.0patch7

ciscoidentity_services_engineMatch2.2.0patch8

ciscoidentity_services_engineMatch2.2.0patch9

ciscoidentity_services_engineMatch2.2.0.470-

ciscoidentity_services_engineMatch2.2.0.470patch1

ciscoidentity_services_engineMatch2.2.0.470patch10

ciscoidentity_services_engineMatch2.2.0.470patch11

ciscoidentity_services_engineMatch2.2.0.470patch12

ciscoidentity_services_engineMatch2.2.0.470patch13

ciscoidentity_services_engineMatch2.2.0.470patch14

ciscoidentity_services_engineMatch2.2.0.470patch15

ciscoidentity_services_engineMatch2.2.0.470patch16

ciscoidentity_services_engineMatch2.2.0.470patch2

ciscoidentity_services_engineMatch2.2.0.470patch3

ciscoidentity_services_engineMatch2.2.0.470patch4

ciscoidentity_services_engineMatch2.2.0.470patch5

ciscoidentity_services_engineMatch2.2.0.470patch6

ciscoidentity_services_engineMatch2.2.0.470patch7

ciscoidentity_services_engineMatch2.2.0.470patch8

ciscoidentity_services_engineMatch2.2.0.470patch9

ciscoidentity_services_engineMatch2.3

ciscoidentity_services_engineMatch2.3\(0.151\)

ciscoidentity_services_engineMatch2.3\(0.298\)

ciscoidentity_services_engineMatch2.3\(0.904\)

ciscoidentity_services_engineMatch2.3\(0.905\)

ciscoidentity_services_engineMatch2.3.0-

ciscoidentity_services_engineMatch2.3.0patch1

ciscoidentity_services_engineMatch2.3.0patch2

ciscoidentity_services_engineMatch2.3.0patch3

ciscoidentity_services_engineMatch2.3.0patch4

ciscoidentity_services_engineMatch2.3.0patch5

ciscoidentity_services_engineMatch2.3.0patch6

ciscoidentity_services_engineMatch2.3.0patch7

ciscoidentity_services_engineMatch2.3.0.298-

ciscoidentity_services_engineMatch2.3.0.298patch1

ciscoidentity_services_engineMatch2.3.0.298patch2

ciscoidentity_services_engineMatch2.3.0.298patch3

ciscoidentity_services_engineMatch2.3.0.298patch4

ciscoidentity_services_engineMatch2.3.0.298patch5

ciscoidentity_services_engineMatch2.3.0.298patch6

ciscoidentity_services_engineMatch2.3.0.298patch7

ciscoidentity_services_engineMatch2.4

ciscoidentity_services_engineMatch2.4\(0.192\)

ciscoidentity_services_engineMatch2.4\(0.247\)

ciscoidentity_services_engineMatch2.4\(0.357\)

ciscoidentity_services_engineMatch2.4\(0.901\)

ciscoidentity_services_engineMatch2.4\(0.901.1\)

ciscoidentity_services_engineMatch2.4\(0.902\)

ciscoidentity_services_engineMatch2.4\(0.903\)

ciscoidentity_services_engineMatch2.4\(0.904\)

ciscoidentity_services_engineMatch002.004\(000.914\)-

ciscoidentity_services_engineMatch2.4\(100.159\)

ciscoidentity_services_engineMatch2.4.0-

ciscoidentity_services_engineMatch2.4.0patch_11

ciscoidentity_services_engineMatch2.4.0patch1

ciscoidentity_services_engineMatch2.4.0patch10

ciscoidentity_services_engineMatch2.4.0patch11

ciscoidentity_services_engineMatch2.4.0patch12

ciscoidentity_services_engineMatch2.4.0patch13

ciscoidentity_services_engineMatch2.4.0patch14

ciscoidentity_services_engineMatch2.4.0patch2

ciscoidentity_services_engineMatch2.4.0patch3

ciscoidentity_services_engineMatch2.4.0patch4

ciscoidentity_services_engineMatch2.4.0patch5

ciscoidentity_services_engineMatch2.4.0patch6

ciscoidentity_services_engineMatch2.4.0patch7

ciscoidentity_services_engineMatch2.4.0patch8

ciscoidentity_services_engineMatch2.4.0patch9

ciscoidentity_services_engineMatch2.4.0.357-

ciscoidentity_services_engineMatch2.4.0.357patch1

ciscoidentity_services_engineMatch2.4.0.357patch10

ciscoidentity_services_engineMatch2.4.0.357patch11

ciscoidentity_services_engineMatch2.4.0.357patch12

ciscoidentity_services_engineMatch2.4.0.357patch2

ciscoidentity_services_engineMatch2.4.0.357patch3

ciscoidentity_services_engineMatch2.4.0.357patch4

ciscoidentity_services_engineMatch2.4.0.357patch5

ciscoidentity_services_engineMatch2.4.0.357patch6

ciscoidentity_services_engineMatch2.4.0.357patch7

ciscoidentity_services_engineMatch2.4.0.357patch8

ciscoidentity_services_engineMatch2.4.0.357patch9

ciscoidentity_services_engineMatch2.5

ciscoidentity_services_engineMatch2.5\(0.1\)

ciscoidentity_services_engineMatch2.5\(0.225\)

ciscoidentity_services_engineMatch2.5\(0.353\)

ciscoidentity_services_engineMatch2.6

ciscoidentity_services_engineMatch2.6\(0.156\)

ciscoidentity_services_engineMatch002.006\(000.156\)-

ciscoidentity_services_engineMatch2.6\(0.999\)-

ciscoidentity_services_engineMatch2.6.0-

ciscoidentity_services_engineMatch2.6.0patch1

ciscoidentity_services_engineMatch2.6.0patch10

ciscoidentity_services_engineMatch2.6.0patch11

ciscoidentity_services_engineMatch2.6.0patch12

ciscoidentity_services_engineMatch2.6.0patch2

ciscoidentity_services_engineMatch2.6.0patch3

ciscoidentity_services_engineMatch2.6.0patch4

ciscoidentity_services_engineMatch2.6.0patch5

ciscoidentity_services_engineMatch2.6.0patch6

ciscoidentity_services_engineMatch2.6.0patch7

ciscoidentity_services_engineMatch2.6.0patch8

ciscoidentity_services_engineMatch2.6.0patch9

ciscoidentity_services_engineMatch2.6.0.156patch1

ciscoidentity_services_engineMatch2.6.0.156patch2

ciscoidentity_services_engineMatch2.6.0.156patch3

ciscoidentity_services_engineMatch2.6.0.156patch5

ciscoidentity_services_engineMatch2.6.0.156patch6

ciscoidentity_services_engineMatch2.6.0.156patch7

ciscoidentity_services_engineMatch2.7

ciscoidentity_services_engineMatch2.7\(0.207\)

ciscoidentity_services_engineMatch2.7\(0.356\)

ciscoidentity_services_engineMatch2.7\(0.356\)-

ciscoidentity_services_engineMatch002.007\(000.356\)-

ciscoidentity_services_engineMatch2.7\(0.903\)

ciscoidentity_services_engineMatch2.7.0-

ciscoidentity_services_engineMatch2.7.0patch1

ciscoidentity_services_engineMatch2.7.0patch2

ciscoidentity_services_engineMatch2.7.0patch3

ciscoidentity_services_engineMatch2.7.0patch4

ciscoidentity_services_engineMatch2.7.0patch5

ciscoidentity_services_engineMatch2.7.0patch6

ciscoidentity_services_engineMatch2.7.0patch7

ciscoidentity_services_engineMatch2.7.0patch8

ciscoidentity_services_engineMatch2.7.0patch9

ciscoidentity_services_engineMatch2.7.0.356patch1

ciscoidentity_services_engineMatch3.0\(0.458\)

ciscoidentity_services_engineMatch003.000\(000.458\)-

ciscoidentity_services_engineMatch3.0.0-

ciscoidentity_services_engineMatch3.0.0patch1

ciscoidentity_services_engineMatch3.0.0patch2

ciscoidentity_services_engineMatch3.0.0patch3

ciscoidentity_services_engineMatch3.0.0patch4

ciscoidentity_services_engineMatch3.0.0patch5

ciscoidentity_services_engineMatch3.0.0patch6

ciscoidentity_services_engineMatch3.0.0patch7

ciscoidentity_services_engineMatch3.1-

ciscoidentity_services_engineMatch3.1patch1

ciscoidentity_services_engineMatch3.1patch2

ciscoidentity_services_engineMatch3.1patch3

ciscoidentity_services_engineMatch3.1patch4

ciscoidentity_services_engineMatch3.1patch5

ciscoidentity_services_engineMatch3.1patch6

ciscoidentity_services_engineMatch3.1patch7

Node

ciscoidentity_services_engineMatch3.2-

ciscoidentity_services_engineMatch3.2patch1

ciscoidentity_services_engineMatch3.2patch2

ciscoidentity_services_engineMatch3.2patch3

ciscoidentity_services_engineMatch3.2patch4

VendorProductVersionCPE
ciscoidentity_services_engine1.0cpe:2.3:a:cisco:identity_services_engine:1.0:*:*:*:*:*:*:*
ciscoidentity_services_engine1.0.4cpe:2.3:a:cisco:identity_services_engine:1.0.4:*:*:*:*:*:*:*
ciscoidentity_services_engine1.1cpe:2.3:a:cisco:identity_services_engine:1.1:*:*:*:*:*:*:*
ciscoidentity_services_engine1.1.1cpe:2.3:a:cisco:identity_services_engine:1.1.1:*:*:*:*:*:*:*
ciscoidentity_services_engine1.1.2cpe:2.3:a:cisco:identity_services_engine:1.1.2:*:*:*:*:*:*:*
ciscoidentity_services_engine1.1.3cpe:2.3:a:cisco:identity_services_engine:1.1.3:*:*:*:*:*:*:*
ciscoidentity_services_engine1.1.4cpe:2.3:a:cisco:identity_services_engine:1.1.4:*:*:*:*:*:*:*
ciscoidentity_services_engine1.2cpe:2.3:a:cisco:identity_services_engine:1.2:*:*:*:*:*:*:*
ciscoidentity_services_engine1.2(1.199)cpe:2.3:a:cisco:identity_services_engine:1.2\(1.199\):*:*:*:*:*:*:*
ciscoidentity_services_engine1.2.1cpe:2.3:a:cisco:identity_services_engine:1.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine	1.0	cpe:2.3:a:cisco:identity_services_engine:1.0:::::::*
cisco	identity_services_engine	1.0.4	cpe:2.3:a:cisco:identity_services_engine:1.0.4:::::::*
cisco	identity_services_engine	1.1	cpe:2.3:a:cisco:identity_services_engine:1.1:::::::*
cisco	identity_services_engine	1.1.1	cpe:2.3:a:cisco:identity_services_engine:1.1.1:::::::*
cisco	identity_services_engine	1.1.2	cpe:2.3:a:cisco:identity_services_engine:1.1.2:::::::*
cisco	identity_services_engine	1.1.3	cpe:2.3:a:cisco:identity_services_engine:1.1.3:::::::*
cisco	identity_services_engine	1.1.4	cpe:2.3:a:cisco:identity_services_engine:1.1.4:::::::*
cisco	identity_services_engine	1.2	cpe:2.3:a:cisco:identity_services_engine:1.2:::::::*
cisco	identity_services_engine	1.2(1.199)	cpe:2.3:a:cisco:identity_services_engine:1.2\(1.199\):::::::*
cisco	identity_services_engine	1.2.1	cpe:2.3:a:cisco:identity_services_engine:1.2.1:::::::*

Rows per page:

1-10 of 2081

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Identity Services Engine Software",
    "versions": [
      {
        "version": "2.7.0",
        "status": "affected"
      },
      {
        "version": "2.7.0 p1",
        "status": "affected"
      },
      {
        "version": "2.7.0 p2",
        "status": "affected"
      },
      {
        "version": "2.7.0 p3",
        "status": "affected"
      },
      {
        "version": "2.7.0 p4",
        "status": "affected"
      },
      {
        "version": "2.7.0 p5",
        "status": "affected"
      },
      {
        "version": "2.7.0 p6",
        "status": "affected"
      },
      {
        "version": "2.7.0 p7",
        "status": "affected"
      },
      {
        "version": "2.7.0 p8",
        "status": "affected"
      },
      {
        "version": "2.7.0 p9",
        "status": "affected"
      },
      {
        "version": "2.7.0 p10",
        "status": "affected"
      },
      {
        "version": "3.0.0",
        "status": "affected"
      },
      {
        "version": "3.0.0 p1",
        "status": "affected"
      },
      {
        "version": "3.0.0 p2",
        "status": "affected"
      },
      {
        "version": "3.0.0 p3",
        "status": "affected"
      },
      {
        "version": "3.0.0 p4",
        "status": "affected"
      },
      {
        "version": "3.0.0 p5",
        "status": "affected"
      },
      {
        "version": "3.0.0 p6",
        "status": "affected"
      },
      {
        "version": "3.0.0 p7",
        "status": "affected"
      },
      {
        "version": "3.0.0 p8",
        "status": "affected"
      },
      {
        "version": "3.1.0",
        "status": "affected"
      },
      {
        "version": "3.1.0 p1",
        "status": "affected"
      },
      {
        "version": "3.1.0 p3",
        "status": "affected"
      },
      {
        "version": "3.1.0 p2",
        "status": "affected"
      },
      {
        "version": "3.1.0 p4",
        "status": "affected"
      },
      {
        "version": "3.1.0 p5",
        "status": "affected"
      },
      {
        "version": "3.1.0 p6",
        "status": "affected"
      },
      {
        "version": "3.1.0 p7",
        "status": "affected"
      },
      {
        "version": "3.2.0",
        "status": "affected"
      },
      {
        "version": "3.2.0 p1",
        "status": "affected"
      },
      {
        "version": "3.2.0 p2",
        "status": "affected"
      },
      {
        "version": "3.2.0 p3",
        "status": "affected"
      },
      {
        "version": "3.2.0 p4",
        "status": "affected"
      },
      {
        "version": "3.3.0",
        "status": "affected"
      }
    ]
  }
]