CVE-2024-20444
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-20444 is a vulnerability affecting the Cisco Nexus Dashboard Fabric Controller (NDFC), which could allow an authenticated remote attacker with network-admin privileges to conduct a command injection attack. This vulnerability arises from inadequate validation of command arguments, which can be exploited through a specific REST API endpoint by submitting crafted arguments. Successful exploitation may enable the attacker to overwrite sensitive files or crash a specific container, potentially leading to a low-impact denial of service (DoS) condition. To remediate this issue, organizations should apply the recommended patches from Cisco's security advisory. The vulnerability poses a medium severity risk, with potential high integrity impact and low availability impact scores.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.