CVE-2024-20338

A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds	Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:cisco:secure_client:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

22 Jul 2025, 18:04

Type	Values Removed	Values Added
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds - Vendor Advisory
First Time		Linux linux Kernel Linux Cisco Cisco secure Client
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:a:cisco:secure_client::::::::

Information

Published : 2024-03-06 17:15

Updated : 2025-07-22 18:04

NVD link : CVE-2024-20338

Mitre link : CVE-2024-20338

CVE.ORG link : CVE-2024-20338

JSON object : View

Products Affected

cisco

secure_client

linux

linux_kernel

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2024-20338", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2024-03-06T17:15:09.783", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges."}, {"lang": "es", "value": "Una vulnerabilidad en el m\u00f3dulo ISE Posture (System Scan) de Cisco Secure Client para Linux podr\u00eda permitir que un atacante local autenticado eleve los privilegios en un dispositivo afectado. Esta vulnerabilidad se debe al uso de un elemento de ruta de b\u00fasqueda no controlado. Un atacante podr\u00eda aprovechar esta vulnerabilidad copiando un archivo de librer\u00eda malicioso en un directorio espec\u00edfico del sistema de archivos y persuadiendo a un administrador para que reinicie un proceso espec\u00edfico. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en un dispositivo afectado con privilegios de root."}], "lastModified": "2025-07-22T18:04:59.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B8D47F6-7EDE-413E-823A-015F028BCE32", "versionEndExcluding": "5.1.2.42"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@cisco.com"}