Cisco Secure Client for Linux Vulnerability Could Lead to Elevated Privileges

CVE-2024-20338

7.3 HIGH

Key Information

Vendor: Cisco
Status: Cisco Secure Client
CVE Published: 6 March 2024

Badges

📰 News Worthy

Summary

A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device.

This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.

Affected Version(s)

Cisco Secure Client =

News Articles

Cisco Patches VPN Hijacking Bug - Spiceworks

Cisco has released patches for a critical vulnerability that enabled VPN hijacking in its Secure Client software. Find out more.

10 months ago

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • 📰 First article discovered by Spiceworks

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)