Cisco Secure Client NAM Module Privilege Escalation (cisco-sa-secure-nam-priv-esc-szu2vYpZ)

medium Nessus Plugin ID 197880

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwj48522

Plugin Details

Severity: Medium

ID: 197880

File Name: cisco-sa-secure-nam-priv-esc-szu2vYpZ.nasl

Version: 1.2

Type: local

Agent: windows

Family: CISCO

Published: 5/24/2024

Updated: 9/10/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-20391

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:secure_client, cpe:/a:cisco:anyconnect_secure_mobility_client

Required KB Items: installed_sw/Cisco AnyConnect Secure Mobility Client

Exploit Ease: No known exploits are available

Patch Publication Date: 5/15/2024

Vulnerability Publication Date: 5/15/2024

Reference Information

CVE: CVE-2024-20391

CWE: 306

CISCO-SA: cisco-sa-secure-nam-priv-esc-szu2vYpZ

IAVA: 2024-A-0298

CISCO-BUG-ID: CSCwj48522

Detections

Analytics