CVE-2024-20492

{"id": "CVE-2024-20492", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.8}]}, "published": "2024-10-02T17:15:17.763", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expw-escalation-3bkz77bD", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device.\r\nNote: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices."}, {"lang": "es", "value": "Una vulnerabilidad en el shell restringido de Cisco Expressway Series podr\u00eda permitir que un atacante local autenticado realice ataques de inyecci\u00f3n de comandos en el sistema operativo subyacente y eleve los privilegios a superusuario. Para explotar esta vulnerabilidad, el atacante debe tener credenciales de nivel de administrador con privilegios de lectura y escritura en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una serie de comandos CLI manipulados. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante escapar del shell restringido y obtener privilegios de superusuario en el sistema operativo subyacente del dispositivo afectado. Nota: Cisco Expressway Series hace referencia a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E)."}], "lastModified": "2024-10-08T16:07:26.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "73A2A365-59AA-48B9-9ABF-914C2B80C7A4"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "98BDD88B-DF43-4F7C-A6C0-1EECE9C85355"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "BE860BF8-AC42-4C10-BC65-9DBF8050E682"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "C03A7AEA-8411-4693-84A9-7ADC7F08D87C"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "0D98AE26-55C9-4BA7-B82C-5B328E689418"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "D50E9F77-0575-43E0-AF83-9A932F4D4F73"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "9F91E793-E37D-4823-B078-DA96AB422967"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "3F16B185-879A-4BA8-B4EB-B032FC8B9674"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "5D58C2C4-F0CB-440A-885A-173DC9B5D32F"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "95FC0285-58F4-4C17-9DB0-0A495A7FE9BE"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "E9BB8E50-74EF-4726-A069-C90B09201593"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "8AEF5B51-8609-40D8-A01B-6696B012FCB0"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "C0DCF6AA-84C1-4B1A-80B0-6942707D9CAF"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "1590C980-506C-4689-AA91-6C647CC3AF28"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "4E9D0839-13E1-4C95-AFEF-3071A977AB5F"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "6E714552-FDEF-4971-959F-3615E34E6F5D"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "20A5441C-7798-4EAD-9428-6DA4EF354807"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "1BE2198F-DF53-497E-9945-062ADD3787F2"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "0D7C383F-30E2-4F22-B35D-B73671D1BBCC"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "B478B2B7-269C-4813-A004-225D90715A08"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "CBEB2506-7F1B-4227-B5BD-47B28778D7AE"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "A000BA48-4ABC-46D4-89EB-CEA8D754B708"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "66CBF53D-4174-463A-B902-E50FF63E39B0"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "BFFD53C6-D23A-4CEC-AD1C-7D6A8B920566"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "F642A732-BA7E-493F-BE62-273997AF3328"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "76688320-EE54-4662-BE15-F721EA55D5D9"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "7C3B3879-FCDF-4D12-9B81-24EC70FF6CF8"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "F0B562E3-5E36-4899-A57A-90E653737B09"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "EA6FF488-FBED-40E6-92CC-39B8749171C0"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "F84981B5-0E55-40D6-92F9-57C03A24A44A"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "A9A37F14-5F65-4C99-A0E2-EACABEDF2286"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "6F7DC504-15CA-4D44-90E5-5684F474A7A4"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "36BD629F-0183-41C2-9547-08EAE359BD00"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "26301BB9-38C0-473F-9FAF-E5DF70E29A36"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "29C38DD2-E763-4B59-83C7-050D08D91637"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "684A39DB-7850-4932-922D-9E7A62FC608A"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "81B09C18-F930-4B67-8309-7FA0889039C7"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "E172DA2A-37B4-4387-AE92-0F0D4F60F736"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "D09EB9B0-5212-4E32-95E9-93BEC53B4AA1"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "2221FF76-F13A-4E8D-88EB-2757AB6DCDCE"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "FBEE5E76-A827-4031-B1C1-4961C277C5F8"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "156F7D5E-DC54-4687-B80F-3281C779135F"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "8BDFCFC1-8230-4051-9B5D-73349C288E46"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "98E3BF27-037E-474F-B55A-12750943499D"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "9F2CF11F-735B-458F-9F2F-8E2322FC39DE"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "22089B78-2048-4192-826B-76AA3FAE7E22"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "C826FD6A-948C-4B09-8061-E800BD6E1963"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "2CE43D3E-BC2F-4CBC-8213-13028B88B1B0"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "60DF84F3-B71E-4860-A6B7-61AB5D201702"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "06852E84-8BEC-403D-BB70-07A4F51054E8"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "EDDF2FE3-585A-4A3D-9E14-A8AE02301223"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "6C6A62AC-7214-4FB0-A2C9-82BDEE6D7C7D"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "7090851D-B154-435B-8F25-06E365334D68"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "D1A6AB08-E97C-4865-B225-0EA77AA73366"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "0EE6F371-C8E2-4B4E-855E-882395C02801"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "711A5AE8-087C-4471-BA1B-C3B70EED1427"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "4B0339D9-9CA8-4376-A60B-94429B993E80"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "3AA3FAD1-7F25-4D57-AA14-822CDE7FE0FA"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "9F656226-EAB4-4B9D-965B-872FA62BDA26"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.9:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "1543EF6E-9B45-4FD4-B435-6579FE7F2C54"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.10:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "1AA8FED6-4E07-4C0D-8DF7-605C230B7D21"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.11:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "0343AAE7-94DF-43E4-AF29-9EC1B320A58E"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.0:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "CA0CFF47-8107-40BC-9E29-69E829A7FCE1"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "89E4FDB4-B74A-4622-A47F-2EDCB6D57F57"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "CC1B741E-9D6F-428F-B403-2FB0DF52DCE9"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.5:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "16FDBC96-2C3A-4615-8AE7-90DEB68E2952"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.6:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "05AB5287-62D0-4510-B4AF-9AC0A757CE3D"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.7:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "0DAE5BA7-833B-4FB1-8F04-80FC02BD444F"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.0:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "10582312-5717-4A91-AE3E-9A907C8A338B"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "8FEE44F0-FBC5-470F-BB66-C1C672032B34"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "8B1EDE63-DE13-47AC-BC19-6F5EB4D00BFB"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.3:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "B2B49119-47FF-4751-A9EC-D34ABAD3A9E0"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.4:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "193C4B32-EE7D-42CE-B851-00CDDBA07D40"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.5:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "9137356B-264C-4D1F-B37A-DB5FE96B1A1E"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.6:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "4B8FD463-4EC1-4BD3-AB01-2915D061C57A"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.0:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "7DB74EB7-1B43-4F61-818C-CACC4661F9DB"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.1:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "9B8E94B6-6B64-4060-B264-623B7CAA456E"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "A5BF2248-19FB-4F1B-AB1D-1892445AB15B"}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.3:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "0477933F-C946-4ED9-B89A-C0D9E40FCE06"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}