Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks
CVE-2024-20383

8.4HIGH

Key Information:

Vendor: Cisco
Status: Cisco Secure Email And Web Manager
Vendor: CVE Published:; 15 May 2024

Badges

👾 Exploit Exists

What is CVE-2024-20383?

A vulnerability exists within the Cisco Crosswork NSO CLI and ConfD CLI that allows a low-privileged, authenticated local attacker to gain root privileges on the operating system. This issue stems from improper privilege assignments triggered by specific CLI commands. By executing these commands, an attacker can exploit this flaw, leading to elevated privileges and potentially compromising the system's integrity.

Affected Version(s)

Cisco Secure Email and Web Manager 13.6.2-078

Cisco Secure Email and Web Manager 13.0.0-277

Cisco Secure Email and Web Manager 13.8.1-068

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 8, 2025
Vulnerability published
May 15, 2024
Vulnerability Reserved
Nov 8, 2023