CVE-2024-20432

CWE-77: Command Injection | 4 documents | 4 sources
Severity
8.8 HIGH
EPSS
2.6%
top 14.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 2

Description

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the at

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 | Impact: 6.0

Affected Packages: 2 packages

🔴 Vulnerability Details

2
GHSA
GHSA-whcp-4cj3-66x2: A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote atta (2024-10-02)
CVEList
Cisco Nexus Dashboard Fabric Controller Web UI Command Injection Vulnerability (2024-10-02)

📋 Vendor Advisories

1
Cisco
Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability (2024-10-02)