CVE-2024-20383 - Vulnerability Details

A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Asyncos Secure Email And Web Manager M170 Secure Email And Web Manager M190 Secure Email And Web Manager M195 Secure Email And Web Manager M380 Secure Email And Web Manager M390 Secure Email And Web Manager M390x Secure Email And Web Manager M395 Secure Email And Web Manager M680 Secure Email And Web Manager M690 Secure Email And Web Manager M690x Secure Email And Web Manager M695 Secure Email And Web Manager Virtual Appliance M100v Secure Email And Web Manager Virtual Appliance M300v Secure Email And Web Manager Virtual Appliance M600v

Configuration 1 [-]

AND

cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m100v:-:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m300v:-:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m600v:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD

History

Fri, 01 Aug 2025 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco asyncos Cisco secure Email And Web Manager M170 Cisco secure Email And Web Manager M190 Cisco secure Email And Web Manager M195 Cisco secure Email And Web Manager M380 Cisco secure Email And Web Manager M390 Cisco secure Email And Web Manager M390x Cisco secure Email And Web Manager M395 Cisco secure Email And Web Manager M680 Cisco secure Email And Web Manager M690 Cisco secure Email And Web Manager M690x Cisco secure Email And Web Manager M695 Cisco secure Email And Web Manager Virtual Appliance M100v Cisco secure Email And Web Manager Virtual Appliance M300v Cisco secure Email And Web Manager Virtual Appliance M600v
CPEs		cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m100v:-:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m300v:-:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m600v:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:::::::* cpe:2.3:o:cisco:asyncos::::::::
Vendors & Products		Cisco Cisco asyncos Cisco secure Email And Web Manager M170 Cisco secure Email And Web Manager M190 Cisco secure Email And Web Manager M195 Cisco secure Email And Web Manager M380 Cisco secure Email And Web Manager M390 Cisco secure Email And Web Manager M390x Cisco secure Email And Web Manager M395 Cisco secure Email And Web Manager M680 Cisco secure Email And Web Manager M690 Cisco secure Email And Web Manager M690x Cisco secure Email And Web Manager M695 Cisco secure Email And Web Manager Virtual Appliance M100v Cisco secure Email And Web Manager Virtual Appliance M300v Cisco secure Email And Web Manager Virtual Appliance M600v

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-05-15T17:59:49.921Z

Updated: 2024-08-01T21:59:42.314Z

Reserved: 2023-11-08T15:08:07.658Z

Link: CVE-2024-20383

Vulnrichment

Updated: 2024-08-01T21:59:42.314Z

NVD

Status : Analyzed

Published: 2024-05-15T18:15:09.910

Modified: 2025-08-01T10:44:34.700

Link: CVE-2024-20383

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object