Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks

CVE-2024-20383
4.8 MEDIUM

Key Information

Vendor
Cisco
Status
Cisco Secure Email And Web Manager
Vendor
CVE Published:
15 May 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.

Affected Version(s)

Cisco Secure Email and Web Manager = 9.0.0-087

Cisco Secure Email and Web Manager = 11.0.0-115

Cisco Secure Email and Web Manager = 11.0.1-161

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

  • 👾 Exploit exists.

Collectors

NVD Database, Mitre Database