Cisco · Cisco Secure Client · CVE-2024-20338
**Name of the Vulnerable Software and Affected Versions**
Cisco Secure Client versions (affected versions not specified)
**Description**
The issue is related to an uncontrolled search path element in the ISE Posture (System Scan) module. This could allow an authenticated, local attacker to elevate privileges on an affected device. An attacker could exploit this by copying a malicious library file to a specific directory and persuading an administrator to restart a specific process, potentially allowing the execution of arbitrary code with root privileges.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.