CVE-2024-20438

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Oct 2, 2024
Updated: Oct 8, 2024
CWE ID 693
CWE ID 862

Summary

CVE-2024-20438 is a vulnerability in the REST API endpoints of Cisco's Network Data Foundation Controller (NDFC) that allows authenticated, low-privileged remote attackers to read and write files on affected devices. The issue arises from inadequate authorization controls on some API endpoints, which can be exploited by sending specially crafted requests. A successful attack could enable limited network administration functions, such as accessing device configuration data and modifying files. This vulnerability affects multiple Cisco products but does not impact the web-based management interface. Organizations are advised to apply patches or updates provided by Cisco and review their API security practices to mitigate the risk associated with this vulnerability.
