Severity
Medium
Analysis Summary
CVE-2024-20391 CVSS: 6.8
Cisco Secure Client for Windows could allow a physical attacker to gain elevated privileges on the system, caused by the lack of authentication on a specific function. An attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges.
CVE-2024-20326 CVSS: 7.8
Cisco Crosswork Network Services Orchestrator could allow a local authenticated attacker to bypass security restrictions, caused by improper authorization enforcement when specific CLI commands are used. By executing a specially crafted CLI command, an attacker could exploit this vulnerability to read or write arbitrary files on the underlying operating system with the privileges of the root user.
CVE-2024-20389 CVSS: 7.8
Cisco Crosswork Network Services Orchestrator could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect privilege assignment when specific CLI commands are used. By executing a specially crafted CLI command, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-20369 CVSS: 4.7
Cisco Crosswork Network Services Orchestrator could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVE-2024-20392 CVSS: 5.4
Cisco Secure Email Gateway is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability to inject an arbitrary HTTP response header in some form and cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
CVE-2024-20394 CVSS: 5.5
Cisco AppDynamics Network Visibility Agent is vulnerable to a denial of service, caused by an inability to handle unexpected input. By sending a specially crafted HTTP request, a local attacker could exploit this vulnerability to cause the Network Agent Service to stop on the local device.
CVE-2024-20257 CVSS: 4.8
Cisco Secure Email Gateway is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web UI. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2024-20258 CVSS: 6.1
Cisco Secure Email and Web Manager and Secure Email Gateway are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web UI. A remote attacker could exploit this vulnerability using a specially crafted URL to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2024-20256 CVSS: 4.8
Cisco Secure Email and Web Manager is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web UI. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2024-20366 CVSS: 7.8
Cisco Crosswork Network Services Orchestrator could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the Tail-f High Availability Cluster Communications (HCC) function pack. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code on an affected device as the root user.
Impact
- Denial of Service
- Privilege Escalation
- Security Bypass
- Gain Access
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-20391
- CVE-2024-20326
- CVE-2024-20389
- CVE-2024-20369
- CVE-2024-20392
- CVE-2024-20394
- CVE-2024-20257
- CVE-2024-20258
- CVE-2024-20256
- CVE-2024-20366
Affected Vendors
Affected Products
- Cisco Secure Email Gateway
- Cisco Secure Client for Windows
- Cisco Crosswork Network Services Orchestrator
- Cisco Network Services Orchestrator 5.4
- Cisco Network Services Orchestrator 5.0
- Cisco Network Services Orchestrator 6.0
- Cisco Secure Email and Web Manager 15.5
- Cisco Secure Email Gateway 15.0
- Cisco Secure Web Appliance 15.0
- Cisco AppDynamics Network Visibility Agent
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.