Lucene search
CiscoCVE-2024-20289HistoryAug 28, 2024 - 5:15 p.m.
CVE-2024-20289
2024-08-2817:15:09
CWE-78
cisco
web.nvd.nist.gov
30
vulnerability
cisco
nx-os software
CVSS3
4.4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
5.3
Confidence
High
EPSS
0
Percentile
10.2%
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.
Affected configurations
Node
ciscocisco_nx-os_softwareMatch9.3\(3\)
ORciscocisco_nx-os_softwareMatch9.3\(4\)
ORciscocisco_nx-os_softwareMatch9.3\(5\)
ORciscocisco_nx-os_softwareMatch9.3\(6\)
ORciscocisco_nx-os_softwareMatch10.1\(2\)
ORciscocisco_nx-os_softwareMatch10.1\(1\)
ORciscocisco_nx-os_softwareMatch9.3\(5w\)
ORciscocisco_nx-os_softwareMatch9.3\(7\)
ORciscocisco_nx-os_softwareMatch9.3\(7k\)
ORciscocisco_nx-os_softwareMatch10.2\(1\)
ORciscocisco_nx-os_softwareMatch9.3\(7a\)
ORciscocisco_nx-os_softwareMatch9.3\(8\)
ORciscocisco_nx-os_softwareMatch10.2\(1q\)
ORciscocisco_nx-os_softwareMatch10.2\(2\)
ORciscocisco_nx-os_softwareMatch9.3\(9\)
ORciscocisco_nx-os_softwareMatch10.1\(2t\)
ORciscocisco_nx-os_softwareMatch10.2\(3\)
ORciscocisco_nx-os_softwareMatch10.2\(3t\)
ORciscocisco_nx-os_softwareMatch9.3\(10\)
ORciscocisco_nx-os_softwareMatch10.2\(2a\)
ORciscocisco_nx-os_softwareMatch10.3\(1\)
ORciscocisco_nx-os_softwareMatch10.2\(4\)
ORciscocisco_nx-os_softwareMatch10.3\(2\)
ORciscocisco_nx-os_softwareMatch9.3\(11\)
ORciscocisco_nx-os_softwareMatch10.3\(3\)
ORciscocisco_nx-os_softwareMatch10.2\(5\)
ORciscocisco_nx-os_softwareMatch9.3\(12\)
ORciscocisco_nx-os_softwareMatch10.2\(3v\)
ORciscocisco_nx-os_softwareMatch10.4\(1\)
ORciscocisco_nx-os_softwareMatch10.3\(99w\)
ORciscocisco_nx-os_softwareMatch10.2\(6\)
ORciscocisco_nx-os_softwareMatch10.3\(3w\)
ORciscocisco_nx-os_softwareMatch10.3\(99x\)
ORciscocisco_nx-os_softwareMatch10.3\(3o\)
ORciscocisco_nx-os_softwareMatch10.3\(4\)
ORciscocisco_nx-os_softwareMatch10.3\(3p\)
ORciscocisco_nx-os_softwareMatch10.3\(4a\)
ORciscocisco_nx-os_softwareMatch10.4\(2\)
ORciscocisco_nx-os_softwareMatch10.3\(3q\)
ORciscocisco_nx-os_softwareMatch10.3\(3x\)
ORciscocisco_nx-os_softwareMatch10.3\(4g\)
ORciscocisco_nx-os_softwareMatch10.3\(3r\)
cisconx_osMatch16.0\(2h\)
ORcisconx_osMatch16.0\(2j\)
ORcisconx_osMatch16.0\(3d\)
ORcisconx_osMatch16.0\(3e\)
ORcisconx_osMatch16.0\(4c\)
ORcisconx_osMatch16.0\(5h\)
ORcisconx_osMatch16.0\(3g\)
ORcisconx_osMatch16.0\(5j\)
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | cisco_nx-os_software | 9.3(3) | cpe:2.3:a:cisco:cisco_nx-os_software:9.3\(3\):*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 9.3(4) | cpe:2.3:a:cisco:cisco_nx-os_software:9.3\(4\):*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 9.3(5) | cpe:2.3:a:cisco:cisco_nx-os_software:9.3\(5\):*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 9.3(6) | cpe:2.3:a:cisco:cisco_nx-os_software:9.3\(6\):*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 10.1(2) | cpe:2.3:a:cisco:cisco_nx-os_software:10.1\(2\):*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 10.1(1) | cpe:2.3:a:cisco:cisco_nx-os_software:10.1\(1\):*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 9.3(5w) | cpe:2.3:a:cisco:cisco_nx-os_software:9.3\(5w\):*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 9.3(7) | cpe:2.3:a:cisco:cisco_nx-os_software:9.3\(7\):*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 9.3(7k) | cpe:2.3:a:cisco:cisco_nx-os_software:9.3\(7k\):*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 10.2(1) | cpe:2.3:a:cisco:cisco_nx-os_software:10.2\(1\):*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco NX-OS Software",
"versions": [
{
"version": "9.3(3)",
"status": "affected"
},
{
"version": "9.3(4)",
"status": "affected"
},
{
"version": "9.3(5)",
"status": "affected"
},
{
"version": "9.3(6)",
"status": "affected"
},
{
"version": "10.1(2)",
"status": "affected"
},
{
"version": "10.1(1)",
"status": "affected"
},
{
"version": "9.3(5w)",
"status": "affected"
},
{
"version": "9.3(7)",
"status": "affected"
},
{
"version": "9.3(7k)",
"status": "affected"
},
{
"version": "10.2(1)",
"status": "affected"
},
{
"version": "9.3(7a)",
"status": "affected"
},
{
"version": "9.3(8)",
"status": "affected"
},
{
"version": "10.2(1q)",
"status": "affected"
},
{
"version": "10.2(2)",
"status": "affected"
},
{
"version": "9.3(9)",
"status": "affected"
},
{
"version": "10.1(2t)",
"status": "affected"
},
{
"version": "10.2(3)",
"status": "affected"
},
{
"version": "10.2(3t)",
"status": "affected"
},
{
"version": "9.3(10)",
"status": "affected"
},
{
"version": "10.2(2a)",
"status": "affected"
},
{
"version": "10.3(1)",
"status": "affected"
},
{
"version": "10.2(4)",
"status": "affected"
},
{
"version": "10.3(2)",
"status": "affected"
},
{
"version": "9.3(11)",
"status": "affected"
},
{
"version": "10.3(3)",
"status": "affected"
},
{
"version": "10.2(5)",
"status": "affected"
},
{
"version": "9.3(12)",
"status": "affected"
},
{
"version": "10.2(3v)",
"status": "affected"
},
{
"version": "10.4(1)",
"status": "affected"
},
{
"version": "10.3(99w)",
"status": "affected"
},
{
"version": "10.2(6)",
"status": "affected"
},
{
"version": "10.3(3w)",
"status": "affected"
},
{
"version": "10.3(99x)",
"status": "affected"
},
{
"version": "10.3(3o)",
"status": "affected"
},
{
"version": "10.3(4)",
"status": "affected"
},
{
"version": "10.3(3p)",
"status": "affected"
},
{
"version": "10.3(4a)",
"status": "affected"
},
{
"version": "10.4(2)",
"status": "affected"
},
{
"version": "10.3(3q)",
"status": "affected"
},
{
"version": "10.3(3x)",
"status": "affected"
},
{
"version": "10.3(4g)",
"status": "affected"
},
{
"version": "10.3(3r)",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Cisco",
"product": "Cisco NX-OS System Software in ACI Mode",
"versions": [
{
"version": "16.0(2h)",
"status": "affected"
},
{
"version": "16.0(2j)",
"status": "affected"
},
{
"version": "16.0(3d)",
"status": "affected"
},
{
"version": "16.0(3e)",
"status": "affected"
},
{
"version": "16.0(4c)",
"status": "affected"
},
{
"version": "16.0(5h)",
"status": "affected"
},
{
"version": "16.0(3g)",
"status": "affected"
},
{
"version": "16.0(5j)",
"status": "affected"
}
],
"defaultStatus": "unknown"
}
]Related
vulnrichment
vulnrichment
CVE-2024-20289 Cisco NX-OS Software Command Injection Vulnerability
2024-08-28 16:31:23
nvd
nvd
CVE-2024-20289
2024-08-28 17:15:09
cvelist
cvelist
CVE-2024-20289 Cisco NX-OS Software Command Injection Vulnerability
2024-08-28 16:31:23
cisco
cisco
Cisco NX-OS Software Command Injection Vulnerability
2024-08-28 16:00:00
CVSS3
4.4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
5.3
Confidence
High
EPSS
0
Percentile
10.2%
Related for CVE-2024-20289