CVE-2024-20381
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-20381 is a high-severity vulnerability in the JSON-RPC API used by Cisco's web-based management interfaces, specifically those of the Crosswork Network Services Orchestrator (NSO), Optical Site Manager, and RV340 Dual WAN Gigabit VPN Routers. The vulnerability arises from inadequate authorization checks: an authenticated remote attacker can send malformed requests to the API and manipulate the configuration of an affected device, including creating new user accounts or elevating privileges. The CVSS score for this vulnerability is 8.8, indicating a significant risk with potential impacts on confidentiality, integrity, and availability. To remediate this issue, organizations should apply the recommended patches from Cisco and ensure that proper access controls are enforced on their systems. Failure to address this vulnerability could lead to unauthorized system modifications and an increased risk of data breaches within affected networks.