We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-20449

Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability



Description

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root.

Reserved 2023-11-08 | Published 2024-10-02 | Updated 2024-10-02 | Assigner cisco


HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Relative Path Traversal

Product status

Default status
unknown

12.1(1)
affected

12.0.1a
affected

12.0.2d
affected

12.0.2f
affected

12.1.1
affected

12.1.1e
affected

12.1.1p
affected

12.1.2e
affected

12.1.2p
affected

12.1.3b
affected

12.2.1
affected

References

sec.cloudapps.cisco.com/...isory/cisco-sa-ndfc-ptrce-BUSHLbp (cisco-sa-ndfc-ptrce-BUSHLbp)

cve.org (CVE-2024-20449)

nvd.nist.gov (CVE-2024-20449)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-20449

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.