Lucene search

K
cvelistCiscoCVELIST:CVE-2024-20289
HistoryAug 28, 2024 - 4:31 p.m.

CVE-2024-20289 Cisco NX-OS Software Command Injection Vulnerability

2024-08-2816:31:23
cisco
www.cve.org
8
cve-2024-20289
cisco
cli
vulnerability
command injection
crafted input
operating system

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0

Percentile

10.2%

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. 

This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco NX-OS Software",
    "versions": [
      {
        "version": "9.3(3)",
        "status": "affected"
      },
      {
        "version": "9.3(4)",
        "status": "affected"
      },
      {
        "version": "9.3(5)",
        "status": "affected"
      },
      {
        "version": "9.3(6)",
        "status": "affected"
      },
      {
        "version": "10.1(2)",
        "status": "affected"
      },
      {
        "version": "10.1(1)",
        "status": "affected"
      },
      {
        "version": "9.3(5w)",
        "status": "affected"
      },
      {
        "version": "9.3(7)",
        "status": "affected"
      },
      {
        "version": "9.3(7k)",
        "status": "affected"
      },
      {
        "version": "10.2(1)",
        "status": "affected"
      },
      {
        "version": "9.3(7a)",
        "status": "affected"
      },
      {
        "version": "9.3(8)",
        "status": "affected"
      },
      {
        "version": "10.2(1q)",
        "status": "affected"
      },
      {
        "version": "10.2(2)",
        "status": "affected"
      },
      {
        "version": "9.3(9)",
        "status": "affected"
      },
      {
        "version": "10.1(2t)",
        "status": "affected"
      },
      {
        "version": "10.2(3)",
        "status": "affected"
      },
      {
        "version": "10.2(3t)",
        "status": "affected"
      },
      {
        "version": "9.3(10)",
        "status": "affected"
      },
      {
        "version": "10.2(2a)",
        "status": "affected"
      },
      {
        "version": "10.3(1)",
        "status": "affected"
      },
      {
        "version": "10.2(4)",
        "status": "affected"
      },
      {
        "version": "10.3(2)",
        "status": "affected"
      },
      {
        "version": "9.3(11)",
        "status": "affected"
      },
      {
        "version": "10.3(3)",
        "status": "affected"
      },
      {
        "version": "10.2(5)",
        "status": "affected"
      },
      {
        "version": "9.3(12)",
        "status": "affected"
      },
      {
        "version": "10.2(3v)",
        "status": "affected"
      },
      {
        "version": "10.4(1)",
        "status": "affected"
      },
      {
        "version": "10.3(99w)",
        "status": "affected"
      },
      {
        "version": "10.2(6)",
        "status": "affected"
      },
      {
        "version": "10.3(3w)",
        "status": "affected"
      },
      {
        "version": "10.3(99x)",
        "status": "affected"
      },
      {
        "version": "10.3(3o)",
        "status": "affected"
      },
      {
        "version": "10.3(4)",
        "status": "affected"
      },
      {
        "version": "10.3(3p)",
        "status": "affected"
      },
      {
        "version": "10.3(4a)",
        "status": "affected"
      },
      {
        "version": "10.4(2)",
        "status": "affected"
      },
      {
        "version": "10.3(3q)",
        "status": "affected"
      },
      {
        "version": "10.3(3x)",
        "status": "affected"
      },
      {
        "version": "10.3(4g)",
        "status": "affected"
      },
      {
        "version": "10.3(3r)",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Cisco",
    "product": "Cisco NX-OS System Software in ACI Mode",
    "versions": [
      {
        "version": "16.0(2h)",
        "status": "affected"
      },
      {
        "version": "16.0(2j)",
        "status": "affected"
      },
      {
        "version": "16.0(3d)",
        "status": "affected"
      },
      {
        "version": "16.0(3e)",
        "status": "affected"
      },
      {
        "version": "16.0(4c)",
        "status": "affected"
      },
      {
        "version": "16.0(5h)",
        "status": "affected"
      },
      {
        "version": "16.0(3g)",
        "status": "affected"
      },
      {
        "version": "16.0(5j)",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0

Percentile

10.2%

Related for CVELIST:CVE-2024-20289