ID:10100 - Exploit for Insecure DLL loading in Cisco Secure Client for Linux - CVE-2024-20338

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:10100 - Exploit for Insecure DLL loading in Cisco Secure Client for Linux - CVE-2024-20338

ID:10100 - Exploit for Insecure DLL loading in Cisco Secure Client for Linux - CVE-2024-20338

Published: June 21, 2024


Vulnerability identifier: #VU87186
Vulnerability risk: Low
CVE-ID: CVE-2024-20338
CWE-ID: CWE-427
Exploitation vector: Local access
Vulnerable software:
Cisco Secure Client for Linux

Link to public exploit:


Vulnerability description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner in the ISE Posture (System Scan) module. A local user can place a specially crafted .dll file and execute arbitrary code on victim's system.


Remediation

Install updates from vendor's website.