How severe is CVE-2024-20332?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-20332?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2024-20332 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials.

Related Vulnerabilities

CVE-2016-3718

MEDIUM

CVSS:5.5(Medium)

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

CWE-9182016

CVE-2019-20872

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.

CWE-9182019

CVE-2020-14327

MEDIUM

CVSS:5.5(Medium)

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the se...

CWE-9182020

CVE-2020-27018

MEDIUM

CVSS:5.5(Medium)

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's w...

CWE-9182020

CVE-2022-24871

MEDIUM

CVSS:5.5(Medium)

Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Use...

CWE-9182022

CVE-2022-25876

MEDIUM

CVSS:5.5(Medium)

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due...

CWE-9182022