CVE-2024-20444

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Oct 2, 2024
Updated: Oct 8, 2024
CWE ID 88

Summary

CVE-2024-20444 is a vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) that could allow an authenticated, remote attacker with network-admin privileges to conduct a command injection attack. The vulnerability arises from inadequate validation of command arguments and can be exploited by submitting crafted arguments to a specific REST API endpoint. Successful exploitation may enable the attacker to overwrite sensitive files or crash a specific container, potentially leading to a low-impact denial of service (DoS) condition. To remediate this issue, organizations should apply the recommended patches from Cisco's security advisory. The vulnerability is rated medium severity, with a potential high impact on integrity and a low impact on availability.
