CVE-2024-20478

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published: Aug 28, 2024
Updated: Aug 29, 2024
CWE ID 250

Summary

CVE-2024-20478 affects the Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller. It allows an authenticated, remote attacker with Administrator-level privileges to install a modified software image, potentially leading to arbitrary code execution. The root cause is insufficient signature validation of software images: an attacker who installs a modified image can execute arbitrary code on the affected system and escalate privileges to root. To mitigate this risk, administrators are advised to verify the hash of any upgrade image before uploading it to these controllers. The vulnerability is rated medium severity with a base score of 6.5, and its impact on both integrity and confidentiality is high. The attack vector is network-based, with low attack complexity and no user interaction required.
