We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-20391



Description

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.

Reserved 2023-11-08 | Published 2024-05-15 | Updated 2024-08-01 | Assigner cisco


MEDIUM: 6.8CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Missing Authentication for Critical Function

Product status

4.9.00086
affected

4.9.01095
affected

4.9.02028
affected

4.9.03047
affected

4.9.03049
affected

4.9.04043
affected

4.9.04053
affected

4.9.05042
affected

4.9.06037
affected

4.10.00093
affected

4.10.01075
affected

4.10.02086
affected

4.10.03104
affected

4.10.04065
affected

4.10.04071
affected

4.10.05085
affected

4.10.05095
affected

4.10.05111
affected

4.10.06079
affected

4.10.06090
affected

4.10.07061
affected

4.10.07062
affected

4.10.07073
affected

4.10.08025
affected

4.10.08029
affected

5.0.00238
affected

5.0.00529
affected

5.0.00556
affected

5.0.01242
affected

5.0.02075
affected

5.0.03072
affected

5.0.03076
affected

5.0.04032
affected

5.0.05040
affected

5.1.0.136
affected

5.1.1.42
affected

5.1.2.42
affected

References

sec.cloudapps.cisco.com/...o-sa-secure-nam-priv-esc-szu2vYpZ (cisco-sa-secure-nam-priv-esc-szu2vYpZ)

cve.org (CVE-2024-20391)

nvd.nist.gov (CVE-2024-20391)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-20391

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.