CVE-2024-20449

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:*:*:*:*:*:*:*:*

History

08 Oct 2024, 15:33

Type Values Removed Values Added
First Time Cisco nexus Dashboard Fabric Controller
Cisco
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-ptrce-BUSHLbp - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-ptrce-BUSHLbp - Vendor Advisory
CPE cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:*:*:*:*:*:*:*:*
CWE CWE-22

04 Oct 2024, 13:50

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en Cisco Nexus Dashboard Fabric Controller (NDFC) podría permitir que un atacante remoto autenticado con privilegios bajos ejecute código arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe a una validación de ruta incorrecta. Un atacante podría aprovechar esta vulnerabilidad utilizando el Protocolo de copia segura (SCP) para cargar código malicioso en un dispositivo afectado utilizando técnicas de path traversal. Una explotación exitosa podría permitir al atacante ejecutar código arbitrario en un contenedor específico con los privilegios de superusuario.

02 Oct 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-02 17:15

Updated : 2024-10-08 15:33


NVD link : CVE-2024-20449

Mitre link : CVE-2024-20449

CVE.ORG link : CVE-2024-20449


JSON object : View

Products Affected

cisco

  • nexus_dashboard_fabric_controller
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23

Relative Path Traversal