CVE-2024-20391
Last modified
CVE-2024-20391 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Client | < 5.1.3.62 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-20391?
How severe is CVE-2024-20391?
How do I fix CVE-2024-20391?
Are you affected by CVE-2024-20391?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST