Cross-Site Scripting Vulnerability in Cisco Identity Services Engine Management Interface
CVE-2025-20205

4.8MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Identity Services Engine Software
Vendor
CVE Published:
5 February 2025

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) allows authenticated remote attackers to conduct cross-site scripting (XSS) attacks. This issue arises from inadequate validation of user-supplied input, enabling attackers to inject malicious scripts into the management interface's pages. Successful exploitation can lead to the execution of arbitrary script code in the context of the user's session or the capture of sensitive information accessed by the browser. This vulnerability requires an attacker to possess valid administrative credentials to execute an attack.

Affected Version(s)

Cisco Identity Services Engine Software 3.0.0

Cisco Identity Services Engine Software 3.0.0 p1

Cisco Identity Services Engine Software 3.0.0 p2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.