CVE-2024-20282

6MEDIUM

Key Information

Vendor: Cisco
Status: Cisco Nexus Dashboard
Vendor: CVE Published:; 3 April 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.

This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.

Affected Version(s)

Cisco Nexus Dashboard = 1.1(0c)

Cisco Nexus Dashboard = 1.1(0d)

Cisco Nexus Dashboard = 1.1(2h)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 27, 2024
Vulnerability published
Apr 3, 2024

Collectors

NVD DatabaseMitre Database