How severe is CVE-2024-20531?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-20531?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2024-20531 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device.

Related Vulnerabilities

CVE-2011-4107

MEDIUM

CVSS:6.5(Medium)

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary...

CWE-6112011

CVE-2012-0037

MEDIUM

CVSS:6.5(Medium)

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read ...

CWE-6112012

CVE-2012-3489

MEDIUM

CVSS:6.5(Medium)

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users ...

CWE-6112012

CVE-2014-3599

MEDIUM

CVSS:6.5(Medium)

HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy

CWE-6112014

CVE-2015-0194

MEDIUM

CVSS:6.5(Medium)

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.

CWE-6112015

CVE-2015-7743

MEDIUM

CVSS:6.5(Medium)

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses ...

CWE-6112015