How severe is CVE-2024-20466?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-20466?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2024-20466 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.

Related Vulnerabilities

CVE-2023-2485

MEDIUM

CVSS:4.9(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A...

CWE-2662023

CVE-2023-3775

MEDIUM

CVSS:4.9(Medium)

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potent...

CWE-2662023

CVE-2025-25023

MEDIUM

CVSS:4.9(Medium)

IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment.

CWE-2662025

CVE-2025-25767

MEDIUM

CVSS:4.8(Medium)

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.

CWE-2662025

CVE-2024-31760

MEDIUM

CVSS:4.7(Medium)

An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component.

CWE-2662024

CVE-2025-2090

MEDIUM

CVSS:4.7(Medium)

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php of the com...

CWE-2662025