Cross-Site Scripting Vulnerability in Cisco Identity Services Engine
CVE-2025-20204

4.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Identity Services Engine Software
Vendor: CVE Published:; 5 February 2025

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the web-based management interface of Cisco Identity Services Engine (ISE) allowing authenticated attackers to inject malicious code. This flaw arises from improper validation of user input, enabling attackers to execute arbitrary scripts within the interface and potentially access sensitive information stored in the user's browser session. Successful exploitation requires valid administrative credentials, making it crucial for users to assess and secure their configurations.

Affected Version(s)

Cisco Identity Services Engine Software 3.0.0

Cisco Identity Services Engine Software 3.0.0 p1

Cisco Identity Services Engine Software 3.0.0 p2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Feb 5, 2025
Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Oct 10, 2024