CVE-2024-20413 — Missing Authorization in Cisco Nx-os Software

CWE-862 — Missing Authorization CWE-267 — Privilege Defined With Unsafe Actions4 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 86.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os Software

Timeline

PublishedAug 28

Description

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. This vulnerability is due to insufficient security restrictions when executing application arguments from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5cisco/cisco_nx-os_software159 versions+158

🔴Vulnerability Details

CVEList

Cisco NX-OS Bash Privilege Escalation Vulnerability↗2024-08-28

▶

GHSA

GHSA-pf8v-w5wh-93wr: A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to↗2024-08-28

▶

📋Vendor Advisories

Cisco

Cisco NX-OS Software Bash Arbitrary Code Execution and Privilege Escalation Vulnerabilities↗2024-08-28

▶