CVE-2024-20282

6MEDIUM

Key Information

Vendor: Cisco
Status: Cisco Nexus Dashboard
Vendor: CVE Published:; 3 April 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.

Affected Version(s)

Cisco Nexus Dashboard = 1.1(0c)

Cisco Nexus Dashboard = 1.1(0d)

Cisco Nexus Dashboard = 1.1(2h)

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 27, 2024
Risk change from: null to: 6 - (MEDIUM)
Aug 27, 2024
Vulnerability published.
Apr 3, 2024

Collectors

NVD DatabaseMitre Database