CVE-2024-20391 (GCVE-0-2024-20391)
Vulnerability from cvelistv5 – Published: 2024-05-15 17:24 – Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.
This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.
Severity ?
6.8 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Client |
Affected:
4.9.00086
Affected: 4.9.01095 Affected: 4.9.02028 Affected: 4.9.03047 Affected: 4.9.03049 Affected: 4.9.04043 Affected: 4.9.04053 Affected: 4.9.05042 Affected: 4.9.06037 Affected: 4.10.00093 Affected: 4.10.01075 Affected: 4.10.02086 Affected: 4.10.03104 Affected: 4.10.04065 Affected: 4.10.04071 Affected: 4.10.05085 Affected: 4.10.05095 Affected: 4.10.05111 Affected: 4.10.06079 Affected: 4.10.06090 Affected: 4.10.07061 Affected: 4.10.07062 Affected: 4.10.07073 Affected: 4.10.08025 Affected: 4.10.08029 Affected: 5.0.00238 Affected: 5.0.00529 Affected: 5.0.00556 Affected: 5.0.01242 Affected: 5.0.02075 Affected: 5.0.03072 Affected: 5.0.03076 Affected: 5.0.04032 Affected: 5.0.05040 Affected: 5.1.0.136 Affected: 5.1.1.42 Affected: 5.1.2.42 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.9.01095:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.9.01095"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.9.02028:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.9.02028"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.9.03047:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.9.03047"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.9.03049:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.9.03049"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.9.04043:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.9.04043"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.9.04053:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.9.04053"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.9.05042:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.9.05042"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.9.06037:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.9.06037"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.00093"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.01075"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.02086"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.03104"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.04065"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.04071"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.05085"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.05095"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.05111"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.06079"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.06090"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.07061"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.07062"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.07073"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.08025:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.08025"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.10.08029:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.10.08029"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.0.00238"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.0.00529"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.0.00556"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.0.01242"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.0.02075"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.0.03072"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.0.03076"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.0.04032"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.0.05040:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.0.05040"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:4.9.00086:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "4.9.00086"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.1.0.136"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.1.1.42"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:secure_client:5.1.2.42:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_client",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.1.2.42"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T18:58:26.955767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:05.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-secure-nam-priv-esc-szu2vYpZ",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Client",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.9.00086"
},
{
"status": "affected",
"version": "4.9.01095"
},
{
"status": "affected",
"version": "4.9.02028"
},
{
"status": "affected",
"version": "4.9.03047"
},
{
"status": "affected",
"version": "4.9.03049"
},
{
"status": "affected",
"version": "4.9.04043"
},
{
"status": "affected",
"version": "4.9.04053"
},
{
"status": "affected",
"version": "4.9.05042"
},
{
"status": "affected",
"version": "4.9.06037"
},
{
"status": "affected",
"version": "4.10.00093"
},
{
"status": "affected",
"version": "4.10.01075"
},
{
"status": "affected",
"version": "4.10.02086"
},
{
"status": "affected",
"version": "4.10.03104"
},
{
"status": "affected",
"version": "4.10.04065"
},
{
"status": "affected",
"version": "4.10.04071"
},
{
"status": "affected",
"version": "4.10.05085"
},
{
"status": "affected",
"version": "4.10.05095"
},
{
"status": "affected",
"version": "4.10.05111"
},
{
"status": "affected",
"version": "4.10.06079"
},
{
"status": "affected",
"version": "4.10.06090"
},
{
"status": "affected",
"version": "4.10.07061"
},
{
"status": "affected",
"version": "4.10.07062"
},
{
"status": "affected",
"version": "4.10.07073"
},
{
"status": "affected",
"version": "4.10.08025"
},
{
"status": "affected",
"version": "4.10.08029"
},
{
"status": "affected",
"version": "5.0.00238"
},
{
"status": "affected",
"version": "5.0.00529"
},
{
"status": "affected",
"version": "5.0.00556"
},
{
"status": "affected",
"version": "5.0.01242"
},
{
"status": "affected",
"version": "5.0.02075"
},
{
"status": "affected",
"version": "5.0.03072"
},
{
"status": "affected",
"version": "5.0.03076"
},
{
"status": "affected",
"version": "5.0.04032"
},
{
"status": "affected",
"version": "5.0.05040"
},
{
"status": "affected",
"version": "5.1.0.136"
},
{
"status": "affected",
"version": "5.1.1.42"
},
{
"status": "affected",
"version": "5.1.2.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.\r\n\r This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T17:24:34.138Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-secure-nam-priv-esc-szu2vYpZ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ"
}
],
"source": {
"advisory": "cisco-sa-secure-nam-priv-esc-szu2vYpZ",
"defects": [
"CSCwj48522"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20391",
"datePublished": "2024-05-15T17:24:34.138Z",
"dateReserved": "2023-11-08T15:08:07.659Z",
"dateUpdated": "2024-08-01T21:59:42.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.\\r\\n\\r This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el m\\u00f3dulo Network Access Manager (NAM) de Cisco Secure Client podr\\u00eda permitir que un atacante no autenticado con acceso f\\u00edsico a un dispositivo afectado eleve privilegios al SYSTEM. Esta vulnerabilidad se debe a la falta de autenticaci\\u00f3n en una funci\\u00f3n espec\\u00edfica. Un exploit exitoso podr\\u00eda permitir al atacante ejecutar c\\u00f3digo arbitrario con privilegios de SYSTEM en un dispositivo afectado.\"}]",
"id": "CVE-2024-20391",
"lastModified": "2024-11-21T08:52:31.933",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}]}",
"published": "2024-05-15T18:15:10.153",
"references": "[{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-20391\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2024-05-15T18:15:10.153\",\"lastModified\":\"2025-07-22T18:02:45.250\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.\\r\\n\\r This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el m\u00f3dulo Network Access Manager (NAM) de Cisco Secure Client podr\u00eda permitir que un atacante no autenticado con acceso f\u00edsico a un dispositivo afectado eleve privilegios al SYSTEM. Esta vulnerabilidad se debe a la falta de autenticaci\u00f3n en una funci\u00f3n espec\u00edfica. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario con privilegios de SYSTEM en un dispositivo afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.1.3.62\",\"matchCriteriaId\":\"4FF362C4-2803-4CF9-83BE-34722F69E3E0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ\", \"name\": \"cisco-sa-secure-nam-priv-esc-szu2vYpZ\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:59:42.903Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-20391\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-15T18:58:26.955767Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.9.01095:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.01095\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.9.02028:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.02028\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.9.03047:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.03047\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.9.03049:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.03049\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.9.04043:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.04043\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.9.04053:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.04053\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.9.05042:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.05042\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.9.06037:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.06037\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.00093\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.01075\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.02086\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.03104\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.04065\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.04071\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.05085\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.05095\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.05111\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.06079\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.06090\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.07061\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.07062\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.07073\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.08025:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.08025\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.10.08029:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10.08029\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.00238\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.00529\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.00556\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.01242\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.02075\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.03072\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.03076\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.04032\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.0.05040:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.05040\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:4.9.00086:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.00086\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.1.0.136\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.1.1.42\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:secure_client:5.1.2.42:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"secure_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.1.2.42\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-15T19:02:43.350Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"source\": {\"defects\": [\"CSCwj48522\"], \"advisory\": \"cisco-sa-secure-nam-priv-esc-szu2vYpZ\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Secure Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.00086\"}, {\"status\": \"affected\", \"version\": \"4.9.01095\"}, {\"status\": \"affected\", \"version\": \"4.9.02028\"}, {\"status\": \"affected\", \"version\": \"4.9.03047\"}, {\"status\": \"affected\", \"version\": \"4.9.03049\"}, {\"status\": \"affected\", \"version\": \"4.9.04043\"}, {\"status\": \"affected\", \"version\": \"4.9.04053\"}, {\"status\": \"affected\", \"version\": \"4.9.05042\"}, {\"status\": \"affected\", \"version\": \"4.9.06037\"}, {\"status\": \"affected\", \"version\": \"4.10.00093\"}, {\"status\": \"affected\", \"version\": \"4.10.01075\"}, {\"status\": \"affected\", \"version\": \"4.10.02086\"}, {\"status\": \"affected\", \"version\": \"4.10.03104\"}, {\"status\": \"affected\", \"version\": \"4.10.04065\"}, {\"status\": \"affected\", \"version\": \"4.10.04071\"}, {\"status\": \"affected\", \"version\": \"4.10.05085\"}, {\"status\": \"affected\", \"version\": \"4.10.05095\"}, {\"status\": \"affected\", \"version\": \"4.10.05111\"}, {\"status\": \"affected\", \"version\": \"4.10.06079\"}, {\"status\": \"affected\", \"version\": \"4.10.06090\"}, {\"status\": \"affected\", \"version\": \"4.10.07061\"}, {\"status\": \"affected\", \"version\": \"4.10.07062\"}, {\"status\": \"affected\", \"version\": \"4.10.07073\"}, {\"status\": \"affected\", \"version\": \"4.10.08025\"}, {\"status\": \"affected\", \"version\": \"4.10.08029\"}, {\"status\": \"affected\", \"version\": \"5.0.00238\"}, {\"status\": \"affected\", \"version\": \"5.0.00529\"}, {\"status\": \"affected\", \"version\": \"5.0.00556\"}, {\"status\": \"affected\", \"version\": \"5.0.01242\"}, {\"status\": \"affected\", \"version\": \"5.0.02075\"}, {\"status\": \"affected\", \"version\": \"5.0.03072\"}, {\"status\": \"affected\", \"version\": \"5.0.03076\"}, {\"status\": \"affected\", \"version\": \"5.0.04032\"}, {\"status\": \"affected\", \"version\": \"5.0.05040\"}, {\"status\": \"affected\", \"version\": \"5.1.0.136\"}, {\"status\": \"affected\", \"version\": \"5.1.1.42\"}, {\"status\": \"affected\", \"version\": \"5.1.2.42\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ\", \"name\": \"cisco-sa-secure-nam-priv-esc-szu2vYpZ\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.\\r\\n\\r This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-306\", \"description\": \"Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-05-15T17:24:34.138Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-20391\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:59:42.903Z\", \"dateReserved\": \"2023-11-08T15:08:07.659Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-05-15T17:24:34.138Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…