CVE-2024-20492
CVSS 3.1 Score 6.0 of 10 (medium)
Details
Summary
CVE-2024-20492 is a vulnerability in the restricted shell of Cisco Expressway Series devices, which include both Expressway Control (Expressway-C) and Expressway Edge (Expressway-E). This flaw allows an authenticated local attacker with Administrator-level credentials to perform command injection, potentially gaining root access to the device's underlying operating system. The vulnerability arises from insufficient validation of user-supplied input during command execution. Organizations using affected Cisco products are advised to apply the security patches provided by Cisco to mitigate this risk, as successful exploitation could lead to significant integrity and confidentiality impacts. The exploitability score is 0.8; the threat is rated medium, and a successful attack requires high privileges.