CVE-2024-20531

{"id": "CVE-2024-20531", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-11-06T17:15:18.043", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}, {"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la API de Cisco ISE podr\u00eda permitir que un atacante remoto autenticado lea archivos arbitrarios en el sistema operativo subyacente de un dispositivo afectado y lleve a cabo un ataque de server-side request forgery (SSRF) a trav\u00e9s de un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante necesitar\u00eda credenciales de superadministrador v\u00e1lidas. Esta vulnerabilidad se debe a un manejo inadecuado de las entradas de entidad externa XML (XXE) al analizar la entrada XML. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud de API manipulada a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante leer archivos arbitrarios en el sistema operativo subyacente o llevar a cabo un ataque SSRF a trav\u00e9s del dispositivo afectado."}], "lastModified": "2024-11-20T16:45:31.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1063044-BCD7-487F-9880-141C30547E36"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA42E65A-7207-48B8-BE1B-0B352201BC09"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75DDAF38-4D5F-4EE4-A428-68D28FC0DA96"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5FB6AA6-F8C9-48A6-BDDA-1D25C43564EB"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B3A267A-5FEA-426D-903E-BD3F4F94A1A4"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1B3207B-1B9C-41AA-8EF6-8478458462E7"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5B9E7F3-B0F2-4A6A-B939-A62E9B12CCEB"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF4C5A58-D0AE-48D6-9757-18C1D5BE5070"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DB3133B-FBE4-47F3-88FD-9AC02AFB7EBB"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A789B44-7E6C-4FE9-BD40-702A871AB8AC"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93920663-445E-4456-A905-81CEC6CA1833"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33DA5BB8-4CFE-44BD-9CEB-BC26577E8477"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3AEFA85-66B5-4145-A4AD-96D1FF86B46D"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A6A0697-6A9E-48EF-82D8-36C75E0CDFDC"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E939B65A-7912-4C36-8799-03A1526D7BD3"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "833B438F-0869-4C0D-9952-750C00702E8D"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8B2588D-01F9-450B-B2E3-ADC4125E354E"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E41016C0-19E6-4BCC-A8DD-F6C9A2B0003E"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "654E946A-07C5-4036-BC54-85EF42B808DD"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7932D5D5-83E1-4BEF-845A-D0783D4BB750"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B818846-4A6E-4256-B344-281E8C786C43"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A44858A2-922A-425A-8B38-0C47DB911A3C"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53484A32-757B-42F8-B655-554C34222060"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CCAC61F-C273-49B3-A631-31D3AE3EB148"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B452B4F0-8510-475E-9AE8-B48FABB4D7D3"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}