Severity
Medium
Analysis Summary
CVE-2024-20336 CVSS:6.5
Cisco Small Business 100, 300, and 500 Series Wireless Access Points are vulnerable to a buffer overflow, caused by improper bounds checking. By sending a crafted HTTP request, a remote authentocated attacker could overflow a buffer and execute arbitrary code as the root user.
CVE-2024-20338 CVS:7.3
Cisco Secure Client for Linux with ISE Posture Module could allow a local authenticated attacker to gain elevated privileges on the system, caused by the use of an uncontrolled search path element. By copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process, an attacker could exploit this vulnerability to execute arbitrary code with root privileges.
CVE-2024-20335 CVSS:6.5
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow a remote authenticated attacker to execute arbitrary command on the system, caused by insufficient validation of user-supplied input. By sending a crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands as the root user.
CVE-2024-20337 CVSS:8.2
Cisco Secure Client could allow a remote attacker to execute arbitrary code on the system, caused by insufficient validation of user-supplied input. By persuading a user to click a crafted link while establishing a VPN session, an attacker could exploit this vulnerability to execute arbitrary script code in the browser or access sensitive, browser-based information.
CVE-2024-20301 CVSS:6.2
Cisco Duo Authentication for Windows Logon and RDP could allow a local authenticated attacker to bypass security restrictions, caused by a failure to invalidate locally created trusted sessions after a reboot. By sending a specially crafted request, an attacker could exploit this vulnerability to access the affected device without valid permissions.
CVE-2024-20292 CVSS:4.4
Cisco Duo Authentication for Windows Logon and RDP could allow a local authenticated attacker to obtain sensitive information, caused by improper storage of an unencrypted registry key in certain logs. By accessing the logs, a remote attacker could exploit this vulnerability to view sensitive information in clear text.
CVE-2024-20346 CVSS:5.4
Cisco AppDynamics Controller is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victims Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victims cookie-based authentication credentials.
CVE-2024-20345 CVSS:6.5
Cisco AppDynamics Controller could allow a remote authenticated attacker to traverse directories on the system. An attacker could sending a crafted request to access sensitive data.
Impact
- Gain Access
- Privilege Escalation
- Code Execution
- Security Bypass
- Information Disclosure
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2024-20336
- CVE-2024-20338
- CVE-2024-20335
- CVE-2024-20337
- CVE-2024-20301
- CVE-2024-20292
- CVE-2024-20346
- CVE-2024-20345
Affected Vendors
Cisco
Affected Products
- Cisco Secure Client for Linux
- Cisco Secure Client for MacOS
- Cisco Small Business 500 Series Wireless Access Points
- Cisco Small Business 100 Series Wireless Access Points
- Cisco Small Business 300 Series Wireless Access Points
- Cisco Secure Client for Windows
- Cisco Duo Authentication for Windows Logon and RDP
- Cisco AppDynamics Controller
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.