CVE-2024-20449

CWE-23CWE-22Path Traversal4 documents4 sources
Severity
8.8HIGH
EPSS
5.4%
top 9.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nexus Dashboard Fabric ControllerCisco Cisco Data Center Network Manager
Timeline
PublishedOct 2

Description

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container wi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_data_center_network_manager11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-xmpq-x22f-7jg3: A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitra2024-10-02
CVEList
Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability2024-10-02

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability2024-10-02
CVE-2024-20449 (HIGH CVSS 8.8) | A vulnerability in Cisco Nexus Dash | cvebase.io