Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks
CVE-2024-20383

4.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Email And Web Manager
Vendor: CVE Published:; 15 May 2024

What is CVE-2024-20383?

A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system.

The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.

Affected Version(s)

Cisco Secure Email and Web Manager 9.0.0-087

Cisco Secure Email and Web Manager 11.0.0-115

Cisco Secure Email and Web Manager 11.0.1-161

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Nov 8, 2023