Show plain JSON{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-krW2TxA9", "name": "cisco-sa-ise-file-upload-krW2TxA9", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:41.103Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20296", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-17T21:12:19.717053Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cisco:identity_services_engine_software:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:2.7.0_p1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:2.7.0_p2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:2.7.0_p3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:2.7.0_p4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:2.7.0_p5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:2.7.0_p6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:2.7.0_p7:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:2.7.0_p8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:2.7.0_p9:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:2.7.0_p10:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.0.0_p1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.0.0_p2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.0.0_p3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.0.0_p4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.0.0_p5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.0.0_p6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.0.0_p7:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.0.0_p8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.1.0_p1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.1.0_p3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.1.0_p2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.1.0_p4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.1.0_p5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.1.0_p6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.1.0_p7:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.1.0_p8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.1.0_p9:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.2.0_p1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.2.0_p2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.2.0_p3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.2.0_p4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.2.0_p5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.2.0_p6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:identity_services_engine_software:3.3.0:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "identity_services_engine_software", "versions": [{"status": "affected", "version": "2.7.0"}, {"status": "affected", "version": "2.7.0_p1"}, {"status": "affected", "version": "2.7.0_p2"}, {"status": "affected", "version": "2.7.0_p3"}, {"status": "affected", "version": "2.7.0_p4"}, {"status": "affected", "version": "2.7.0_p5"}, {"status": "affected", "version": "2.7.0_p6"}, {"status": "affected", "version": "2.7.0_p7"}, {"status": "affected", "version": "2.7.0_p8"}, {"status": "affected", "version": "2.7.0_p9"}, {"status": "affected", "version": "2.7.0_p10"}, {"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "3.0.0_p1"}, {"status": "affected", "version": "3.0.0_p2"}, {"status": "affected", "version": "3.0.0_p3"}, {"status": "affected", "version": "3.0.0_p4"}, {"status": "affected", "version": "3.0.0_p5"}, {"status": "affected", "version": "3.0.0_p6"}, {"status": "affected", "version": "3.0.0_p7"}, {"status": "affected", "version": "3.0.0_p8"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.1.0_p1"}, {"status": "affected", "version": "3.1.0_p3"}, {"status": "affected", "version": "3.1.0_p2"}, {"status": "affected", "version": "3.1.0_p4"}, {"status": "affected", "version": "3.1.0_p5"}, {"status": "affected", "version": "3.1.0_p6"}, {"status": "affected", "version": "3.1.0_p7"}, {"status": "affected", "version": "3.1.0_p8"}, {"status": "affected", "version": "3.1.0_p9"}, {"status": "affected", "version": "3.2.0"}, {"status": "affected", "version": "3.2.0_p1"}, {"status": "affected", "version": "3.2.0_p2"}, {"status": "affected", "version": "3.2.0_p3"}, {"status": "affected", "version": "3.2.0_p4"}, {"status": "affected", "version": "3.2.0_p5"}, {"status": "affected", "version": "3.2.0_p6"}, {"status": "affected", "version": "3.3.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T21:14:19.971Z"}}], "cna": {"source": {"defects": ["CSCwh97876"], "advisory": "cisco-sa-ise-file-upload-krW2TxA9", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"status": "affected", "version": "2.7.0"}, {"status": "affected", "version": "2.7.0 p1"}, {"status": "affected", "version": "2.7.0 p2"}, {"status": "affected", "version": "2.7.0 p3"}, {"status": "affected", "version": "2.7.0 p4"}, {"status": "affected", "version": "2.7.0 p5"}, {"status": "affected", "version": "2.7.0 p6"}, {"status": "affected", "version": "2.7.0 p7"}, {"status": "affected", "version": "2.7.0 p8"}, {"status": "affected", "version": "2.7.0 p9"}, {"status": "affected", "version": "2.7.0 p10"}, {"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "3.0.0 p1"}, {"status": "affected", "version": "3.0.0 p2"}, {"status": "affected", "version": "3.0.0 p3"}, {"status": "affected", "version": "3.0.0 p4"}, {"status": "affected", "version": "3.0.0 p5"}, {"status": "affected", "version": "3.0.0 p6"}, {"status": "affected", "version": "3.0.0 p7"}, {"status": "affected", "version": "3.0.0 p8"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.1.0 p1"}, {"status": "affected", "version": "3.1.0 p3"}, {"status": "affected", "version": "3.1.0 p2"}, {"status": "affected", "version": "3.1.0 p4"}, {"status": "affected", "version": "3.1.0 p5"}, {"status": "affected", "version": "3.1.0 p6"}, {"status": "affected", "version": "3.1.0 p7"}, {"status": "affected", "version": "3.1.0 p8"}, {"status": "affected", "version": "3.1.0 p9"}, {"status": "affected", "version": "3.2.0"}, {"status": "affected", "version": "3.2.0 p1"}, {"status": "affected", "version": "3.2.0 p2"}, {"status": "affected", "version": "3.2.0 p3"}, {"status": "affected", "version": "3.2.0 p4"}, {"status": "affected", "version": "3.2.0 p5"}, {"status": "affected", "version": "3.2.0 p6"}, {"status": "affected", "version": "3.3.0"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-krW2TxA9", "name": "cisco-sa-ise-file-upload-krW2TxA9"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device.\r\n\r This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-434", "description": "Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-07-17T16:28:22.193Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20296", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:59:41.103Z", "dateReserved": "2023-11-08T15:08:07.629Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-07-17T16:28:22.193Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}