CiscoCVELIST:CVE-2024-20289CVE-2024-20289 Cisco NX-OS Software Command Injection Vulnerability
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
Percentile
10.2%
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco NX-OS Software",
"versions": [
{
"version": "9.3(3)",
"status": "affected"
},
{
"version": "9.3(4)",
"status": "affected"
},
{
"version": "9.3(5)",
"status": "affected"
},
{
"version": "9.3(6)",
"status": "affected"
},
{
"version": "10.1(2)",
"status": "affected"
},
{
"version": "10.1(1)",
"status": "affected"
},
{
"version": "9.3(5w)",
"status": "affected"
},
{
"version": "9.3(7)",
"status": "affected"
},
{
"version": "9.3(7k)",
"status": "affected"
},
{
"version": "10.2(1)",
"status": "affected"
},
{
"version": "9.3(7a)",
"status": "affected"
},
{
"version": "9.3(8)",
"status": "affected"
},
{
"version": "10.2(1q)",
"status": "affected"
},
{
"version": "10.2(2)",
"status": "affected"
},
{
"version": "9.3(9)",
"status": "affected"
},
{
"version": "10.1(2t)",
"status": "affected"
},
{
"version": "10.2(3)",
"status": "affected"
},
{
"version": "10.2(3t)",
"status": "affected"
},
{
"version": "9.3(10)",
"status": "affected"
},
{
"version": "10.2(2a)",
"status": "affected"
},
{
"version": "10.3(1)",
"status": "affected"
},
{
"version": "10.2(4)",
"status": "affected"
},
{
"version": "10.3(2)",
"status": "affected"
},
{
"version": "9.3(11)",
"status": "affected"
},
{
"version": "10.3(3)",
"status": "affected"
},
{
"version": "10.2(5)",
"status": "affected"
},
{
"version": "9.3(12)",
"status": "affected"
},
{
"version": "10.2(3v)",
"status": "affected"
},
{
"version": "10.4(1)",
"status": "affected"
},
{
"version": "10.3(99w)",
"status": "affected"
},
{
"version": "10.2(6)",
"status": "affected"
},
{
"version": "10.3(3w)",
"status": "affected"
},
{
"version": "10.3(99x)",
"status": "affected"
},
{
"version": "10.3(3o)",
"status": "affected"
},
{
"version": "10.3(4)",
"status": "affected"
},
{
"version": "10.3(3p)",
"status": "affected"
},
{
"version": "10.3(4a)",
"status": "affected"
},
{
"version": "10.4(2)",
"status": "affected"
},
{
"version": "10.3(3q)",
"status": "affected"
},
{
"version": "10.3(3x)",
"status": "affected"
},
{
"version": "10.3(4g)",
"status": "affected"
},
{
"version": "10.3(3r)",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Cisco",
"product": "Cisco NX-OS System Software in ACI Mode",
"versions": [
{
"version": "16.0(2h)",
"status": "affected"
},
{
"version": "16.0(2j)",
"status": "affected"
},
{
"version": "16.0(3d)",
"status": "affected"
},
{
"version": "16.0(3e)",
"status": "affected"
},
{
"version": "16.0(4c)",
"status": "affected"
},
{
"version": "16.0(5h)",
"status": "affected"
},
{
"version": "16.0(3g)",
"status": "affected"
},
{
"version": "16.0(5j)",
"status": "affected"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
Percentile
10.2%