Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks
CVE-2024-20383
4.8MEDIUM
What is CVE-2024-20383?
A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system.
The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.
Affected Version(s)
Cisco Secure Email and Web Manager 9.0.0-087
Cisco Secure Email and Web Manager 11.0.0-115
Cisco Secure Email and Web Manager 11.0.1-161