CVE-2024-20483

CWE-78OS Command InjectionCWE-2564 documents4 sources
Severity
7.2HIGH
EPSS
0.6%
top 31.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedSep 11

Description

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are pa

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_software5 versions+4
NVDcisco/ios_xr5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-w2jq-6q47-2f9r: Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Softw2024-09-11
CVEList
Cisco IOS XR PON Controller Command Injection Vulnerabilities2024-09-11

📋Vendor Advisories

1
Cisco
Cisco Routed Passive Optical Network Controller Vulnerabilities2024-09-11