CVE-2024-20539

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface.

This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials on an affected device.

Published: Nov 6, 2024
Updated: May 4, 2025
CVE: CVE-2024-20539
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
cisco / identity_services_engine	3.0.0-patch1	3.0.0-patch1.x
cisco / identity_services_engine	3.0.0-patch2	3.0.0-patch2.x
cisco / identity_services_engine	3.0.0-patch3	3.0.0-patch3.x
cisco / identity_services_engine	3.0.0-patch4	3.0.0-patch4.x
cisco / identity_services_engine	3.0.0-patch5	3.0.0-patch5.x
cisco / identity_services_engine	3.0.0-patch6	3.0.0-patch6.x
cisco / identity_services_engine	3.1.0-patch8	3.1.0-patch8.x
cisco / identity_services_engine	3.0.0-patch8	3.0.0-patch8.x
cisco / identity_services_engine	3.2.0-patch3	3.2.0-patch3.x
cisco / identity_services_engine	3.1.0-patch7	3.1.0-patch7.x
cisco / identity_services_engine	3.1.0-patch6	3.1.0-patch6.x
cisco / identity_services_engine	3.0.0-patch7	3.0.0-patch7.x
cisco / identity_services_engine	3.2.0-patch1	3.2.0-patch1.x
cisco / identity_services_engine	3.1.0-patch5	3.1.0-patch5.x
cisco / identity_services_engine	3.1.0-patch4	3.1.0-patch4.x
cisco / identity_services_engine	3.1.0-patch2	3.1.0-patch2.x
cisco / identity_services_engine	3.1.0-patch3	3.1.0-patch3.x
cisco / identity_services_engine	3.1.0-patch1	3.1.0-patch1.x
cisco / identity_services_engine	3.3.0-patch1	3.3.0-patch1.x
cisco / identity_services_engine	3.3.0-patch2	3.3.0-patch2.x
cisco / identity_services_engine	3.2.0-patch6	3.2.0-patch6.x
cisco / identity_services_engine	3.2.0-patch5	3.2.0-patch5.x
cisco / identity_services_engine	3.2.0-patch4	3.2.0-patch4.x
cisco / identity_services_engine	3.3.0	3.3.0.x
cisco / identity_services_engine	3.2.0-patch2	3.2.0-patch2.x
cisco / identity_services_engine	3.2.0	3.2.0.x
cisco / identity_services_engine	3.1.0	3.1.0.x
cisco / identity_services_engine	3.0.0	3.0.0.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE

Vulnerability Database

289,599

CVE-2024-20539