How severe is CVE-2024-20476?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-20476?

This is classified as CWE-602, which is a common weakness in software security.

CVE-2024-20476 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload files to a location that should be restricted. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials.

Related Vulnerabilities

CVE-2023-20172

MEDIUM

CVSS:4.9(Medium)

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabil...

CWE-6022023

CVE-2023-39218

MEDIUM

CVSS:4.9(Medium)

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.

CWE-6022023

CVE-2024-43188

MEDIUM

CVSS:4.9(Medium)

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.

CWE-6022024

CVE-2024-32512

MEDIUM

CVSS:5.3(Medium)

Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20.

CWE-6022024

CVE-2024-32521

MEDIUM

CVSS:5.3(Medium)

Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through 5.5.6.

CWE-6022024

CVE-2024-32685

MEDIUM

CVSS:5.3(Medium)

Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.2.5.

CWE-6022024