How severe is CVE-2024-20515?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-20515?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2024-20515 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators.

Related Vulnerabilities

CVE-2010-3299

MEDIUM

CVSS:6.5(Medium)

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

CWE-3112010

CVE-2017-12716

MEDIUM

CVSS:6.5(Medium)

Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionall...

CWE-3112017

CVE-2017-14953

MEDIUM

CVSS:6.5(Medium)

HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi enc...

CWE-3112017

CVE-2018-4855

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission...

CWE-3112018

CVE-2018-5185

MEDIUM

CVSS:6.5(Medium)

Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

CWE-3112018

CVE-2019-1003088

MEDIUM

CVSS:6.5(Medium)

Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the mast...

CWE-3112019