Unauthenticated Privilege Elevation Vulnerability in Cisco NAM Could Allow Attacker to Execute Arbitrary Code with SYSTEM Privileges

CVE-2024-20391

6.8MEDIUM

Key Information

Vendor: Cisco
Status: Cisco Secure Client
Vendor: CVE Published:; 15 May 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.

Affected Version(s)

Cisco Secure Client = 4.9.00086

Cisco Secure Client = 4.9.01095

Cisco Secure Client = 4.9.02028

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 15, 2024
Vulnerability Reserved.
Nov 8, 2023
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database