CVE-2024-20324

27.03.2024, 17:15

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords.

 This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cisco	CNA	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Vendor	Product	Version
cisco	ios_xe	16.10.1
cisco	ios_xe	16.10.1e:e
cisco	ios_xe	16.10.1s:s
cisco	ios_xe	16.11.1
cisco	ios_xe	16.11.1a:a
cisco	ios_xe	16.11.1b:b
cisco	ios_xe	16.11.2
cisco	ios_xe	16.12.1
cisco	ios_xe	16.12.1s:s
cisco	ios_xe	16.12.1t:t
cisco	ios_xe	16.12.2s:s
cisco	ios_xe	16.12.3
cisco	ios_xe	16.12.3s:s
cisco	ios_xe	16.12.4
cisco	ios_xe	16.12.4a:a
cisco	ios_xe	16.12.5
cisco	ios_xe	16.12.6
cisco	ios_xe	16.12.6a:a
cisco	ios_xe	16.12.7
cisco	ios_xe	16.12.8
cisco	ios_xe	17.1.1
cisco	ios_xe	17.1.1s:s
cisco	ios_xe	17.1.1t:t
cisco	ios_xe	17.1.3
cisco	ios_xe	17.2.1
cisco	ios_xe	17.2.1a:a
cisco	ios_xe	17.3.1
cisco	ios_xe	17.3.2
cisco	ios_xe	17.3.2a:a
cisco	ios_xe	17.3.3
cisco	ios_xe	17.3.4
cisco	ios_xe	17.3.4c:c
cisco	ios_xe	17.3.5
cisco	ios_xe	17.3.5a:a
cisco	ios_xe	17.3.5b:b
cisco	ios_xe	17.3.6
cisco	ios_xe	17.3.7
cisco	ios_xe	17.3.8
cisco	ios_xe	17.3.8a:a
cisco	ios_xe	17.4.1
cisco	ios_xe	17.5.1
cisco	ios_xe	17.6.1
cisco	ios_xe	17.6.2
cisco	ios_xe	17.6.3
cisco	ios_xe	17.6.4
cisco	ios_xe	17.6.5
cisco	ios_xe	17.6.5a:a
cisco	ios_xe	17.6.6
cisco	ios_xe	17.6.6a:a
cisco	ios_xe	17.7.1
cisco	ios_xe	17.8.1
cisco	ios_xe	17.9.1
cisco	ios_xe	17.9.2
cisco	ios_xe	17.9.3
cisco	ios_xe	17.9.4
cisco	ios_xe	17.9.4a:a
cisco	ios_xe	17.10.1
cisco	ios_xe	17.10.1a:a
cisco	ios_xe	17.11.1
cisco	ios_xe	17.12.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-274 - Improper Handling of Insufficient Privileges
The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-wlc-privesc-RjSMrmPK