{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20391", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.659Z", "datePublished": "2024-05-15T17:24:34.138Z", "dateUpdated": "2024-08-01T21:59:42.903Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-05-15T17:24:34.138Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.\r\n\r This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device."}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Client", "versions": [{"version": "4.9.00086", "status": "affected"}, {"version": "4.9.01095", "status": "affected"}, {"version": "4.9.02028", "status": "affected"}, {"version": "4.9.03047", "status": "affected"}, {"version": "4.9.03049", "status": "affected"}, {"version": "4.9.04043", "status": "affected"}, {"version": "4.9.04053", "status": "affected"}, {"version": "4.9.05042", "status": "affected"}, {"version": "4.9.06037", "status": "affected"}, {"version": "4.10.00093", "status": "affected"}, {"version": "4.10.01075", "status": "affected"}, {"version": "4.10.02086", "status": "affected"}, {"version": "4.10.03104", "status": "affected"}, {"version": "4.10.04065", "status": "affected"}, {"version": "4.10.04071", "status": "affected"}, {"version": "4.10.05085", "status": "affected"}, {"version": "4.10.05095", "status": "affected"}, {"version": "4.10.05111", "status": "affected"}, {"version": "4.10.06079", "status": "affected"}, {"version": "4.10.06090", "status": "affected"}, {"version": "4.10.07061", "status": "affected"}, {"version": "4.10.07062", "status": "affected"}, {"version": "4.10.07073", "status": "affected"}, {"version": "4.10.08025", "status": "affected"}, {"version": "4.10.08029", "status": "affected"}, {"version": "5.0.00238", "status": "affected"}, {"version": "5.0.00529", "status": "affected"}, {"version": "5.0.00556", "status": "affected"}, {"version": "5.0.01242", "status": "affected"}, {"version": "5.0.02075", "status": "affected"}, {"version": "5.0.03072", "status": "affected"}, {"version": "5.0.03076", "status": "affected"}, {"version": "5.0.04032", "status": "affected"}, {"version": "5.0.05040", "status": "affected"}, {"version": "5.1.0.136", "status": "affected"}, {"version": "5.1.1.42", "status": "affected"}, {"version": "5.1.2.42", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Missing Authentication for Critical Function", "type": "cwe", "cweId": "CWE-306"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ", "name": "cisco-sa-secure-nam-priv-esc-szu2vYpZ"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-secure-nam-priv-esc-szu2vYpZ", "discovery": "EXTERNAL", "defects": ["CSCwj48522"]}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20391", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-15T18:58:26.955767Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.01095:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.01095"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.02028:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.02028"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.03047:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.03047"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.03049:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.03049"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.04043:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.04043"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.04053:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.04053"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.05042:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.05042"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.06037:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.06037"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.00093"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.01075"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.02086"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.03104"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.04065"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.04071"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.05085"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.05095"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.05111"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.06079"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.06090"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.07061"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.07062"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.07073"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.08025:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.08025"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.08029:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.08029"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.00238"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.00529"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.00556"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.01242"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.02075"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.03072"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.03076"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.04032"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.05040:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.05040"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.00086:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.00086"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.1.0.136"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.1.1.42"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.1.2.42:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.1.2.42"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:40:05.799Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:42.903Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ", "name": "cisco-sa-secure-nam-priv-esc-szu2vYpZ", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ", "name": "cisco-sa-secure-nam-priv-esc-szu2vYpZ", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:42.903Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20391", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-15T18:58:26.955767Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.01095:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.01095"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.02028:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.02028"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.03047:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.03047"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.03049:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.03049"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.04043:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.04043"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.04053:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.04053"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.05042:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.05042"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.06037:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.06037"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.00093"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.01075"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.02086"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.03104"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.04065"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.04071"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.05085"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.05095"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.05111"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.06079"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.06090"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.07061"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.07062"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.07073"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.08025:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.08025"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.10.08029:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.10.08029"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.00238"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.00529"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.00556"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.01242"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.02075"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.03072"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.03076"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.04032"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.0.05040:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.0.05040"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:4.9.00086:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "4.9.00086"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.1.0.136"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.1.1.42"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:secure_client:5.1.2.42:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_client", "versions": [{"status": "affected", "version": "5.1.2.42"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-15T19:02:43.350Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"defects": ["CSCwj48522"], "advisory": "cisco-sa-secure-nam-priv-esc-szu2vYpZ", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Client", "versions": [{"status": "affected", "version": "4.9.00086"}, {"status": "affected", "version": "4.9.01095"}, {"status": "affected", "version": "4.9.02028"}, {"status": "affected", "version": "4.9.03047"}, {"status": "affected", "version": "4.9.03049"}, {"status": "affected", "version": "4.9.04043"}, {"status": "affected", "version": "4.9.04053"}, {"status": "affected", "version": "4.9.05042"}, {"status": "affected", "version": "4.9.06037"}, {"status": "affected", "version": "4.10.00093"}, {"status": "affected", "version": "4.10.01075"}, {"status": "affected", "version": "4.10.02086"}, {"status": "affected", "version": "4.10.03104"}, {"status": "affected", "version": "4.10.04065"}, {"status": "affected", "version": "4.10.04071"}, {"status": "affected", "version": "4.10.05085"}, {"status": "affected", "version": "4.10.05095"}, {"status": "affected", "version": "4.10.05111"}, {"status": "affected", "version": "4.10.06079"}, {"status": "affected", "version": "4.10.06090"}, {"status": "affected", "version": "4.10.07061"}, {"status": "affected", "version": "4.10.07062"}, {"status": "affected", "version": "4.10.07073"}, {"status": "affected", "version": "4.10.08025"}, {"status": "affected", "version": "4.10.08029"}, {"status": "affected", "version": "5.0.00238"}, {"status": "affected", "version": "5.0.00529"}, {"status": "affected", "version": "5.0.00556"}, {"status": "affected", "version": "5.0.01242"}, {"status": "affected", "version": "5.0.02075"}, {"status": "affected", "version": "5.0.03072"}, {"status": "affected", "version": "5.0.03076"}, {"status": "affected", "version": "5.0.04032"}, {"status": "affected", "version": "5.0.05040"}, {"status": "affected", "version": "5.1.0.136"}, {"status": "affected", "version": "5.1.1.42"}, {"status": "affected", "version": "5.1.2.42"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ", "name": "cisco-sa-secure-nam-priv-esc-szu2vYpZ"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.\r\n\r This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-306", "description": "Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-05-15T17:24:34.138Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20391", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:59:42.903Z", "dateReserved": "2023-11-08T15:08:07.659Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-05-15T17:24:34.138Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FF362C4-2803-4CF9-83BE-34722F69E3E0", "versionEndExcluding": "5.1.3.62", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.\r\n\r This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad en el m\u00f3dulo Network Access Manager (NAM) de Cisco Secure Client podr\u00eda permitir que un atacante no autenticado con acceso f\u00edsico a un dispositivo afectado eleve privilegios al SYSTEM. Esta vulnerabilidad se debe a la falta de autenticaci\u00f3n en una funci\u00f3n espec\u00edfica. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario con privilegios de SYSTEM en un dispositivo afectado."}], "id": "CVE-2024-20391", "lastModified": "2025-07-22T18:02:45.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "psirt@cisco.com", "type": "Secondary"}]}, "published": "2024-05-15T18:15:10.153", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "psirt@cisco.com", "type": "Secondary"}]}

{}