Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks
CVE-2024-20383

8.4HIGH

Key Information:

Vendor

Cisco
Status
Cisco Secure Email And Web Manager
Vendor
CVE Published:
15 May 2024

Badges

👾 Exploit Exists

What is CVE-2024-20383?

A vulnerability exists within the Cisco Crosswork NSO CLI and ConfD CLI that allows a low-privileged, authenticated local attacker to gain root privileges on the operating system. This issue stems from improper privilege assignments triggered by specific CLI commands. By executing these commands, an attacker can exploit this flaw, leading to elevated privileges and potentially compromising the system's integrity.

Affected Version(s)

Cisco Secure Email and Web Manager 13.6.2-078

Cisco Secure Email and Web Manager 13.0.0-277

Cisco Secure Email and Web Manager 13.8.1-068

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-20383 : Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks