Login Sign Up

CVE-2024-20381

8.8 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability allows authenticated remote attackers to bypass authorization checks in the JSON-RPC API of affected Cisco products, enabling unauthorized configuration changes. Attackers could create new user accounts, elevate privileges, or modify device settings. Affected systems include Cisco Crosswork NSO, ConfD, Optical Site Manager, and RV340 VPN Routers.

💻 Affected Systems

Products:
  • Cisco Crosswork Network Services Orchestrator (NSO)
  • Cisco ConfD
  • Cisco Optical Site Manager
  • Cisco RV340 Dual WAN Gigabit VPN Router
Versions: See Cisco advisory for specific affected versions
Operating Systems: Not specified - vulnerability is in application layer
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the affected application or device web interface

📦 What is this software?

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Ios Xr by Cisco

View all CVEs affecting Ios Xr →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Network Services Orchestrator by Cisco

View all CVEs affecting Network Services Orchestrator →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

Small Business Rv Series Router Firmware by Cisco

View all CVEs affecting Small Business Rv Series Router Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where attacker gains administrative control, creates persistent backdoors, modifies network configurations to intercept traffic, and potentially disables security controls.

🟠

Likely Case

Privilege escalation leading to unauthorized configuration changes, creation of new administrative accounts, and potential disruption of network services.

🟢

If Mitigated

Limited impact if proper network segmentation, API access controls, and monitoring are in place to detect and block unauthorized API requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but authorization bypass makes it straightforward once initial access is obtained

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Cisco Security Advisory for specific fixed versions

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp

Restart Required: Yes

Instructions:

1. Review Cisco Security Advisory for affected versions. 2. Download and apply appropriate patches from Cisco. 3. Restart affected services or devices. 4. Verify patch application and test functionality.

🔧 Temporary Workarounds

Restrict JSON-RPC API Access

all

Limit network access to JSON-RPC API endpoints using firewall rules or network segmentation

Implement API Rate Limiting

all

Configure rate limiting on JSON-RPC API endpoints to detect and block suspicious activity

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems from untrusted networks
  • Enhance monitoring of JSON-RPC API logs for unauthorized configuration changes and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check device/application version against affected versions listed in Cisco Security Advisory

Check Version:

Device/application specific - consult product documentation for version check commands

Verify Fix Applied:

Verify installed version matches or exceeds fixed versions specified in Cisco advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual JSON-RPC API requests
  • Configuration changes from unexpected users/sources
  • New user account creation via API
  • Privilege escalation attempts

Network Indicators:

  • Unusual traffic patterns to JSON-RPC API endpoints
  • Multiple configuration change requests in short timeframes

SIEM Query:

Search for JSON-RPC API requests containing configuration modification operations from non-admin users or unexpected source IPs

📊 Metadata

CVE ID: CVE-2024-20381
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-285
Published: September 11, 2024
Last Updated: October 8, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-20381, you might also want to check these:

CVE-2025-65041 10.0

CVE-2025-65041 is an improper authorization vulnerability in Microsoft Partner Center that allows un...

Same vulnerability type (CWE-285)
CVE-2021-37705 10.0

CVE-2021-37705 is an authorization bypass vulnerability in OneFuzz that allows authenticated users f...

Same vulnerability type (CWE-285)
CVE-2023-33189 10.0

CVE-2023-33189 is an authorization bypass vulnerability in Pomerium identity-aware access proxy. Att...

Same vulnerability type (CWE-285)