Cisco Secure Client for Linux Vulnerability Could Lead to Elevated Privileges
CVE-2024-20338

7.3HIGH

Key Information:

Vendor: Cisco
Status: Cisco Secure Client
Vendor: CVE Published:; 6 March 2024

Badges

📰 News Worthy

Summary

A vulnerability exists in the ISE Posture (System Scan) module of Cisco Secure Client for Linux, enabling an authenticated local attacker to elevate privileges on the affected device. This vulnerability arises from the use of an uncontrolled search path element. An attacker can exploit the vulnerability by placing a malicious library file in a specific filesystem directory and convincing an administrator to restart a vulnerable process. This exploit can lead to the execution of arbitrary code with root privileges, providing the attacker with unauthorized access and control over the system.

Affected Version(s)

Cisco Secure Client

News Articles

Spiceworks

CVE-2024-20337 CVE-2024-20338

Cisco Patches VPN Hijacking Bug - Spiceworks

Cisco has released patches for a critical vulnerability that enabled VPN hijacking in its Secure Client software. Find out more.

11 months ago

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

📰
First article discovered by Spiceworks
Mar 11, 2024
Vulnerability published
Mar 6, 2024
Vulnerability Reserved
Nov 8, 2023

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Cisco Patches VPN Hijacking Bug - Spiceworks

References

CVSS V3.1

Timeline