Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks
CVE-2024-20383
4.8 MEDIUM
Key Information
- Vendor: Cisco
- Status
- Cisco Secure Email And Web Manager
- Vendor
- CVE Published: 15 May 2024
Badges
👾 Exploit Exists
Summary
A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.
Affected Version(s)
Cisco Secure Email and Web Manager = 9.0.0-087
Cisco Secure Email and Web Manager = 11.0.0-115
Cisco Secure Email and Web Manager = 11.0.1-161
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
- 👾
Exploit exists.
Collectors
NVD Database, Mitre Database