CVE-2024-20444

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device.   This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:*:*:*:*:*:*:*:*

History

08 Oct 2024, 14:49

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:*:*:*:*:*:*:*:*
First Time Cisco nexus Dashboard Fabric Controller
Cisco
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-raci-T46k3jnN - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-raci-T46k3jnN - Vendor Advisory

04 Oct 2024, 13:50

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en Cisco Nexus Dashboard Fabric Controller (NDFC), anteriormente Cisco Data Center Network Manager (DCNM), podría permitir que un atacante remoto autenticado con privilegios de administrador de red realice un ataque de inyección de comandos contra un dispositivo afectado. Esta vulnerabilidad se debe a una validación insuficiente de los argumentos de los comandos. Un atacante podría aprovechar esta vulnerabilidad enviando argumentos de comandos manipulados a un endpoint de API REST específico. Una explotación exitosa podría permitir al atacante sobrescribir archivos confidenciales o bloquear un contenedor específico, que se reiniciaría por sí solo, lo que provocaría una condición de denegación de servicio (DoS) de bajo impacto.

02 Oct 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-02 17:15

Updated : 2024-10-08 15:26


NVD link : CVE-2024-20444

Mitre link : CVE-2024-20444

CVE.ORG link : CVE-2024-20444


JSON object : View

Products Affected

cisco

  • nexus_dashboard_fabric_controller
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')