CVE-2024-20432

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Oct 2, 2024
Updated: Oct 8, 2024
CWE ID 77

Summary

CVE-2024-20432 is a critical vulnerability affecting the Cisco Nexus Dashboard Fabric Controller (NDFC) that allows authenticated, low-privileged attackers to execute command injection attacks. This issue arises from improper user authorization and insufficient validation of command arguments, enabling potential exploitation through crafted commands submitted via the REST API or web UI. If successfully exploited, attackers can gain network-admin privileges and execute arbitrary commands on devices managed by Cisco NDFC. To mitigate this risk, organizations should ensure proper access controls and validation mechanisms are in place. It is important to note that this vulnerability does not impact Cisco NDFC when configured for storage area network (SAN) controller deployment.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share