How severe is CVE-2024-20529?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-20529?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-20529 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system.

Related Vulnerabilities

CVE-2010-0481

MEDIUM

CVSS:5.5(Medium)

The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows ...

CWE-222010

CVE-2014-9485

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry ...

CWE-222014

CVE-2014-9983

MEDIUM

CVSS:5.5(Medium)

Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files vi...

CWE-222014

CVE-2015-6591

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter.

CWE-222015

CVE-2016-7569

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.

CWE-222016

CVE-2016-7842

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.

CWE-222016