7.1

CVE-2024-20325

EPSS 0.07%
Published 21.02.2024 17:15:09
Last modified 06.05.2025 17:43:06
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device.

 This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Unified Intelligence Center Version < 12.5(1)_es03

Cisco ≫ Unified Intelligence Center Version >= 12.6(1) < 12.6(1)_es08

Cisco ≫ Unified Intelligence Center Version >= 12.6(2) < 12.6(2)ES02

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.223

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
psirt@cisco.com	5.1	2.5	2.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-access-control-jJsZQMjj

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20325

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20325

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20325

EUVD