Unauthenticated Privilege Elevation Vulnerability in Cisco NAM Could Allow Attacker to Execute Arbitrary Code with SYSTEM Privileges
CVE-2024-20391

6.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Client
Vendor: CVE Published:; 15 May 2024

Summary

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.

This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.

Affected Version(s)

Cisco Secure Client 4.9.00086

Cisco Secure Client 4.9.01095

Cisco Secure Client 4.9.02028

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Nov 8, 2023