思科Secure Client的Network Access Manager模块存在漏洞，未授权攻击者物理接触受影响设备后可提升权限至SYSTEM，思科已发布软件更新，此漏洞安全影响评级为中。

🎈思科Secure Client的Network Access Manager模块存在特定功能缺乏认证的问题，导致未授权攻击者若能物理接触受影响设备，就可将权限提升至SYSTEM，并可能执行任意代码，带来严重安全风险。

💻思科已发布软件更新以解决该漏洞，但目前没有其他解决此漏洞的方法。用户可通过指定链接获取相关信息。

🔐该漏洞的安全影响评级为中，CVE编号为CVE-2024-20391，需引起用户高度重视并及时采取措施进行修复。

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.

This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ

Security Impact Rating: Medium
CVE: CVE-2024-20391