Cisco UTD Configuration CLI Vulnerability Allows Arbitrary Code Execution as Root
CVE-2024-20306
6MEDIUM
Summary
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system.
Affected Version(s)
Cisco IOS XE Software = 17.10.1
Cisco IOS XE Software = 17.10.1a
Cisco IOS XE Software = 17.10.1b
CVSS V3.1
Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database