PRIOn Logo

CVE-2024-20399 Input validation

Immediate
Remediate Within 48 Hours

CVE Information

Original CVE data

Published:
Updated:

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.

CWE: CWE-78
CVSS v2-
CVSS v36.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP
https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/
Affected Vendors

Cisco - (1)

Basic Analysis

Common vulnerability metrics

Vulnerabilty type as detected by PRIOnengine

Input validation

CVSS Scores as calculated by PRIOnengine
CVSS v27.2
AV:L/AC:L/AU:N/C:C/I:C/A:C
CVSS v36.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
MITRE CWE Top 25

Vulnerability weakness type is in the top 25 CWEs according to MITRE. View Mitre Top 25 CWEs

Exploits

Exploits are available either through exploit packs, Github repos or the world wide web in general.

Active Exploitation

Vulnerability is referenced under CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

Vulnerability is mentioned or trending in social media.

Threat Actor Activity

Vulnerability is being actively exploited by threat actors during campaigns.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

T1552 - Unsecured Credentials
T1499.004 - Endpoint Denial of Service (Application or System Exploitation)
T1203 - Exploitation for Client Execution
T1078 - Valid Accounts
T1059 - Command and Scripting Interpreter
T1021 - Remote Services

Compliance Impact

How the submited vulnerability affects compliance

PCI DSS v3.2.1-6.5.8 - Improper Access Control

Web Application Security Frameworks

Applicable if the issue likely affects a web application

-