CVE-2024-20289
MEDIUM EPSS 13.3%
Published Aug 28, 20241y ago · Modified Jun 17, 20261w ago
4.4 CVSS 3.1
Published Aug 28, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
13.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-78 OS Command Injection Injection
References 1
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-Lq6jsZhH
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.