Cisco IOS XE Software Vulnerability Allows Access to WLAN Configuration Details Including Passwords
CVE-2024-20324
5.5MEDIUM
Key Information
- Vendor
- Cisco
- Status
- Cisco iOS Xe Software
- Vendor
- CVE Published:
- 27 March 2024
Badges
๐พ Exploit Exists
Summary
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords.
This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access.
Affected Version(s)
Cisco IOS XE Software = 16.10.1
Cisco IOS XE Software = 16.10.1s
Cisco IOS XE Software = 16.10.1e
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database