CVE-2024-20289 MEDIUM

CVE-2024-20289: Cisco NX-OS Software Command Injection Vulnerability

Vendor: Cisco
Product: Cisco NX-OS Software
Weakness: CWE-78
Published: August 28, 2024
Last update: August 28, 2024

CVSS base score

4.4/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.

Key dates

02 Disclosure timeline

August 28, 2024 CVE published
August 28, 2024 Record updated