Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2024-20483
HistorySep 11, 2024 - 5:15 p.m.

CVE-2024-20483

2024-09-1117:15:13
CWE-78
cisco
web.nvd.nist.gov
40
In Wild
cisco
routed pon controller
command injection
docker
mongodb
administrator-level privileges
cisco ios xr software

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

Low

EPSS

0

Percentile

10.2%

JSON

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root.

These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller.

Affected configurations

Vulners
Node
ciscoios_xr_softwareMatch24.1.1
OR
ciscoios_xr_softwareMatch24.2.1
OR
ciscoios_xr_softwareMatch24.1.2
OR
ciscoios_xr_softwareMatch24.2.11
OR
ciscoios_xr_softwareMatch24.3.1
VendorProductVersionCPE
ciscoios_xr_software24.1.1cpe:2.3:o:cisco:ios_xr_software:24.1.1:*:*:*:*:*:*:*
ciscoios_xr_software24.2.1cpe:2.3:o:cisco:ios_xr_software:24.2.1:*:*:*:*:*:*:*
ciscoios_xr_software24.1.2cpe:2.3:o:cisco:ios_xr_software:24.1.2:*:*:*:*:*:*:*
ciscoios_xr_software24.2.11cpe:2.3:o:cisco:ios_xr_software:24.2.11:*:*:*:*:*:*:*
ciscoios_xr_software24.3.1cpe:2.3:o:cisco:ios_xr_software:24.3.1:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco IOS XR Software",
    "versions": [
      {
        "version": "24.1.1",
        "status": "affected"
      },
      {
        "version": "24.2.1",
        "status": "affected"
      },
      {
        "version": "24.1.2",
        "status": "affected"
      },
      {
        "version": "24.2.11",
        "status": "affected"
      },
      {
        "version": "24.3.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Related

vulnrichment 1
nvd 1
cvelist 1
attackerkb 1
cisco 1
vulnrichment
vulnrichment
CVE-2024-20483 Cisco IOS XR PON Controller Command Injection Vulnerabilities
2024-09-11 16:38:57
nvd
nvd
CVE-2024-20483
2024-09-11 17:15:13
cvelist
cvelist
CVE-2024-20483 Cisco IOS XR PON Controller Command Injection Vulnerabilities
2024-09-11 16:38:57
attackerkb
attackerkb
CVE-2024-20483
2024-09-11 00:00:00
cisco
cisco
Cisco Routed Passive Optical Network Controller Vulnerabilities
2024-09-11 16:00:00

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

Low

EPSS

0

Percentile

10.2%

JSON
Related for CVE-2024-20483
vulnrichment1nvd1cvelist1attackerkb1cisco1