{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-20391","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2023-11-08T15:08:07.659Z","datePublished":"2024-05-15T17:24:34.138Z","dateUpdated":"2024-08-01T21:59:42.903Z"},"containers":{"cna":{"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-05-15T17:24:34.138Z"},"descriptions":[{"lang":"en","value":"A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.\r\n\r This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device."}],"affected":[{"vendor":"Cisco","product":"Cisco Secure Client","versions":[{"version":"4.9.00086","status":"affected"},{"version":"4.9.01095","status":"affected"},{"version":"4.9.02028","status":"affected"},{"version":"4.9.03047","status":"affected"},{"version":"4.9.03049","status":"affected"},{"version":"4.9.04043","status":"affected"},{"version":"4.9.04053","status":"affected"},{"version":"4.9.05042","status":"affected"},{"version":"4.9.06037","status":"affected"},{"version":"4.10.00093","status":"affected"},{"version":"4.10.01075","status":"affected"},{"version":"4.10.02086","status":"affected"},{"version":"4.10.03104","status":"affected"},{"version":"4.10.04065","status":"affected"},{"version":"4.10.04071","status":"affected"},{"version":"4.10.05085","status":"affected"},{"version":"4.10.05095","status":"affected"},{"version":"4.10.05111","status":"affected"},{"version":"4.10.06079","status":"affected"},{"version":"4.10.06090","status":"affected"},{"version":"4.10.07061","status":"affected"},{"version":"4.10.07062","status":"affected"},{"version":"4.10.07073","status":"affected"},{"version":"4.10.08025","status":"affected"},{"version":"4.10.08029","status":"affected"},{"version":"5.0.00238","status":"affected"},{"version":"5.0.00529","status":"affected"},{"version":"5.0.00556","status":"affected"},{"version":"5.0.01242","status":"affected"},{"version":"5.0.02075","status":"affected"},{"version":"5.0.03072","status":"affected"},{"version":"5.0.03076","status":"affected"},{"version":"5.0.04032","status":"affected"},{"version":"5.0.05040","status":"affected"},{"version":"5.1.0.136","status":"affected"},{"version":"5.1.1.42","status":"affected"},{"version":"5.1.2.42","status":"affected"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Missing Authentication for Critical Function","type":"cwe","cweId":"CWE-306"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ","name":"cisco-sa-secure-nam-priv-esc-szu2vYpZ"}],"metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-secure-nam-priv-esc-szu2vYpZ","discovery":"EXTERNAL","defects":["CSCwj48522"]}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-20391","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-15T18:58:26.955767Z"}}}],"affected":[{"cpes":["cpe:2.3:a:cisco:secure_client:4.9.01095:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.9.01095"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.9.02028:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.9.02028"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.9.03047:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.9.03047"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.9.03049:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.9.03049"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.9.04043:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.9.04043"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.9.04053:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.9.04053"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.9.05042:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.9.05042"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.9.06037:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.9.06037"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.00093"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.01075"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.02086"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.03104"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.04065"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.04071"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.05085"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.05095"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.05111"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.06079"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.06090"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.07061"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.07062"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.07073"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.08025:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.08025"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.10.08029:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.10.08029"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.0.00238"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.0.00529"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.0.00556"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.0.01242"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.0.02075"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.0.03072"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.0.03076"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.0.04032"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.0.05040:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.0.05040"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:4.9.00086:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"4.9.00086"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.1.0.136"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.1.1.42"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:cisco:secure_client:5.1.2.42:*:*:*:*:*:*:*"],"vendor":"cisco","product":"secure_client","versions":[{"status":"affected","version":"5.1.2.42"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:40:05.799Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:59:42.903Z"},"title":"CVE Program Container","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ","name":"cisco-sa-secure-nam-priv-esc-szu2vYpZ","tags":["x_transferred"]}]}]}}