vulnerability

Cisco AnyConnect: CVE-2024-20391: Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	05/15/2024	07/26/2024	09/12/2024

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

05/15/2024

Added

07/26/2024

Modified

09/12/2024

Description

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.

This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.

Solution

cisco-anyconnect-upgrade-latest

References

CVE-2024-20391
https://attackerkb.com/topics/CVE-2024-20391
URL-https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ
CISCO-cisco-sa-secure-nam-priv-esc-szu2vYpZ

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today