We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Ok

THREATINT
PUBLISHED

CVE-2024-20391

Reserved:2023-11-08
Published:2024-05-15
Updated:2024-05-15

Description

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.



MEDIUM: 6.8CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Missing Authentication for Critical Function

Product status

4.9.00086
affected

4.9.01095
affected

4.9.02028
affected

4.9.03047
affected

4.9.03049
affected

4.9.04043
affected

4.9.04053
affected

4.9.05042
affected

4.9.06037
affected

4.10.00093
affected

4.10.01075
affected

4.10.02086
affected

4.10.03104
affected

4.10.04065
affected

4.10.04071
affected

4.10.05085
affected

4.10.05095
affected

4.10.05111
affected

4.10.06079
affected

4.10.06090
affected

4.10.07061
affected

4.10.07062
affected

4.10.07073
affected

4.10.08025
affected

4.10.08029
affected

5.0.00238
affected

5.0.00529
affected

5.0.00556
affected

5.0.01242
affected

5.0.02075
affected

5.0.03072
affected

5.0.03076
affected

5.0.04032
affected

5.0.05040
affected

5.1.0.136
affected

5.1.1.42
affected

5.1.2.42
affected

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ (cisco-sa-secure-nam-priv-esc-szu2vYpZ)

cve.org CVE-2024-20391

nvd.nist.gov CVE-2024-20391

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-20391