CVE-2024-20324
First published: Wed Mar 27 2024(Updated: )
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS and IOS XE Software |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20324?
The severity of CVE-2024-20324 is considered to be low, as it involves authenticated, low-privileged local attackers.
How do I fix CVE-2024-20324?
To fix CVE-2024-20324, ensure that you apply the latest security patches provided by Cisco for IOS XE Software.
Who is affected by CVE-2024-20324?
CVE-2024-20324 affects users of Cisco IOS XE Software with configuration access.
What is the impact of CVE-2024-20324?
The impact of CVE-2024-20324 allows an attacker to access WLAN configuration details, including sensitive information like passwords.
Can CVE-2024-20324 be exploited remotely?
No, CVE-2024-20324 requires local access by an authenticated user to exploit the vulnerability.
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios and ios xe software