Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks
CVE-2024-20383

8.4HIGH

Key Information:

Vendor: Cisco
Status: Cisco Secure Email And Web Manager
Vendor: CVE Published:; 15 May 2024

Badges

👾 Exploit Exists

What is CVE-2024-20383?

A vulnerability exists within the Cisco Crosswork NSO CLI and ConfD CLI that allows a low-privileged, authenticated local attacker to gain root privileges on the operating system. This issue stems from improper privilege assignments triggered by specific CLI commands. By executing these commands, an attacker can exploit this flaw, leading to elevated privileges and potentially compromising the system's integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Secure Email and Web Manager 13.6.2-078

Cisco Secure Email and Web Manager 13.0.0-277

Cisco Secure Email and Web Manager 13.8.1-068

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 8, 2025
Vulnerability published
May 15, 2024
Vulnerability Reserved
Nov 8, 2023

JSON

Cisco

Badges

What is CVE-2024-20383?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.