VDB
CVE-2024-20338
CVE-2024-20338
PUBLISHED
Es existiert eine Schwachstelle in Cisco Secure Client. Diese ist auf einen Fehler hinsichtlich einem unkontrollierten Such-pfad-Element zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
EPSS 0.09% · 25.1th percentile
Risk Scores
EPSS Score
0.09%
25.1th percentile
Exploit Intelligence
- CIRCL seen: CVE-2024-20338 (circl-sighting)
- CIRCL seen: CVE-2024-20338 (circl-sighting)
- CVE-2024-20338 talk for Behind The Code Talk (github-poc)
- CVE-2024-20338 talk for Behind The Code Talk (github-poc)
- CVE-2024-20338 talk for Behind The Code Talk (github-poc)
- CVE-2024-20338 talk for Behind The Code Talk (github-poc)
- CVE-2024-20338 talk for Behind The Code Talk (github-poc)
- CVE-2024-20338 talk for Behind The Code Talk (github-poc)
- cisco-sa-secure-privesc-sYxQO6ds (circl)
- CVE-2024-20338 (cve.org)
Timeline
- Mar 6, 2024 CVE Published
- Mar 6, 2024 PoC Published
- Mar 6, 2024 CVE Updated
- Mar 7, 2024 EPSS Score
- Mar 8, 2024 PoC Published
- Apr 2, 2024 EPSS Score
- Apr 29, 2024 EPSS Score
- Jun 20, 2024 EPSS Score
- Jul 17, 2024 EPSS Score
- Aug 12, 2024 EPSS Score
- Sep 7, 2024 EPSS Score
- Oct 3, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0565.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0565 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds advisory