#VU97228 Improper Authentication in Cisco Systems, Inc products - CVE-2024-20381
Published: September 13, 2024
Vulnerability identifier: #VU97228
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-20381
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Crosswork Network Services Orchestrator
ConfD
Optical Site Manager
Cisco RV340 Dual WAN Gigabit VPN Router
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when processing authentication requests in the JSON-RPC API feature. A remote user can make unauthorized modifications to the configuration of the affected application or device.
Remediation
Install updates from the vendor's website.