CVE-2024-20444

CWE-884 documents4 sources
Severity
5.5MEDIUM
EPSS
0.3%
top 49.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nexus Dashboard Fabric ControllerCisco Cisco Data Center Network Manager
Timeline
PublishedOct 2

Description

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:LExploitability: 1.2 | Impact: 4.2

Affected Packages2 packages

CVEListV5cisco/cisco_data_center_network_manager38 versions+37

🔴Vulnerability Details

2
GHSA
GHSA-rvwm-3c9j-xm8h: A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, re2024-10-02
CVEList
Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability2024-10-02

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability2024-10-02
CVE-2024-20444 (MEDIUM CVSS 5.5) | A vulnerability in Cisco Nexus Dash | cvebase.io