CVE-2024-20332

CVE Database · CVE-2024-20332

CVE-2024-20332

· MEDIUMAnalyzed

CVSS v3.1

5.5

EPSS

0.37%

Published

Apr 3, 2024

Modified

Sep 30, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-918

Affected Products (7)

cisco · identity_services_enginevulnerable

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-ssrf-FtSTh5Oz

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-ssrf-FtSTh5Oz

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs