SB2024051619 - Missing Authentication for Critical Function in Cisco Secure Client for Windows

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024051619

SB2024051619 - Missing Authentication for Critical Function in Cisco Secure Client for Windows

Published: May 16, 2024

Security Bulletin ID SB2024051619
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Physical access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Missing Authentication for Critical Function (CVE-ID: CVE-2024-20391)

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to a lack of authentication on a specific function in the Network Access Manager (NAM) module. An attacker with physical access can execute arbitrary code with SYSTEM privileges on the target device.


Remediation

Install update from vendor's website.

References