CVE-2024-20391: 
Cisco AnyConnect Secure Client vulnerability analysis and mitigation

A vulnerability (CVE-2024-20391) was discovered in the Network Access Manager (NAM) module of Cisco Secure Client for Windows. The vulnerability was disclosed on May 15, 2024, and affects devices running vulnerable releases of Cisco Secure Client for Windows with the NAM module installed. This security flaw allows an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM level (Cisco Advisory).

The vulnerability stems from a lack of authentication on a specific function in the NAM module. It has been assigned CWE-306 (Missing Authentication for Critical Function) and received a CVSS v3.1 base score of 6.8 (Medium) with the vector string CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The scoring indicates that while physical access is required, the attack complexity is low and no privileges or user interaction are needed (Cisco Advisory, NVD).

A successful exploitation of this vulnerability allows an attacker to execute arbitrary code with SYSTEM privileges on an affected device, potentially gaining complete control over the system (Cisco Advisory).

Cisco has released software updates to address this vulnerability in version 5.1.3.62. No workarounds are available for this vulnerability. The fix is available for all affected systems running versions earlier than 5.1.3.62. The vulnerability does not affect Secure Client for Linux, macOS, or mobile device operating systems (Cisco Advisory).

The vulnerability was responsibly disclosed by security researchers Julien Egloff and Kevin Tellier from Synacktiv (Cisco Advisory).