CVE-2024-20282
6MEDIUM
Key Information
- Vendor
- Cisco
- Status
- Cisco Nexus Dashboard
- Vendor
- CVE Published:
- 3 April 2024
Badges
👾 Exploit Exists
Summary
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.
Affected Version(s)
Cisco Nexus Dashboard = 1.1(0c)
Cisco Nexus Dashboard = 1.1(0d)
Cisco Nexus Dashboard = 1.1(2h)
CVSS V3.1
Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit exists.
Risk change from: null to: 6 - (MEDIUM)
Vulnerability published.
Collectors
NVD DatabaseMitre Database