CVE-2024-20325 MEDIUM

CVE-2024-20325

Vendor Cisco
Product Cisco Unified Intelligence Center
Weakness CWE-284
Published February 21, 2024
Last update August 27, 2024
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.

Key dates

02Disclosure timeline

February 21, 2024 CVE published
August 27, 2024 Record updated