Improper Authentication in Cisco Systems, Inc products - CVE-2024-20381
Published: September 13, 2024
Vulnerability identifier: #VU97228
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-20381
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Crosswork Network Services Orchestrator
ConfD
Optical Site Manager
Cisco RV340 Dual WAN Gigabit VPN Router
Crosswork Network Services Orchestrator
ConfD
Optical Site Manager
Cisco RV340 Dual WAN Gigabit VPN Router
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing authentication requests in the JSON-RPC API feature. A remote user can make unauthorized modifications to the configuration of the affected application or device.
How to mitigate CVE-2024-20381
Install updates from vendor's website.