Cisco NDFC Vulnerability Allows Command Injection Attacks
CVE-2024-20432
Key Information
- Vendor: Cisco
- Product: Cisco Data Center Network Manager
- CVE Published: 2 October 2024
Summary
CVE-2024-20432 is a command injection vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC). An authenticated, remote attacker holding only low privileges on the controller could exploit it by submitting crafted commands through the affected REST API or web UI; the injected commands are then executed on a managed device with network-admin privileges. Two weaknesses combine here: the controller does not properly check that the caller is authorized to run device commands, and it does not sufficiently validate the command arguments it forwards, so a low-privileged controller user ends up with the controller's own privilege on the switch. Cisco has released software updates that address the vulnerability; there are no workarounds. The impact is significant, because a successful exploit gives the attacker control over the managed fabric devices, not only the controller. There is no information on whether ransomware groups have exploited this vulnerability.
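The following is an added illustration of the two controls the advisory names (caller authorization and validation of the command argument before it is forwarded to a managed device). It is example code written for this page, not NDFC's own code; the endpoint, the role names, the interface-name allowlist and the stand-in "device" that splits a CLI line on `;` are all assumptions made for the example.

```python
import re

# Constructed example of the two missing controls: caller authorization and
# argument validation. The endpoint shape, role names and the stand-in device
# are assumptions for this illustration; none of this is NDFC's real code.

DEVICE_ROLE = "network-admin"              # privilege the controller holds on the switch
ALLOWED_CALLER_ROLES = {"network-admin"}   # assumption: who may issue device commands

# Strict allowlist for an NX-OS style interface name: the only argument shape
# this endpoint should ever forward to a device.
INTERFACE_RE = re.compile(r"^(Ethernet\d+/\d+|port-channel\d+|loopback\d+|mgmt0)$")


def device_exec(cmdline: str) -> list[str]:
    """Stand-in for the managed switch: runs each ';'-separated command as network-admin."""
    return [c.strip() for c in cmdline.split(";") if c.strip()]


def show_interface_vulnerable(caller_role: str, interface: str) -> dict:
    """Pattern the advisory describes: no authorization check, argument spliced into the CLI line."""
    executed = device_exec(f"show interface {interface}")
    return {"status": 200, "caller": caller_role, "ran_as": DEVICE_ROLE, "executed": executed}


def show_interface_hardened(caller_role: str, interface: str) -> dict:
    """Same endpoint with both controls added: authorize the caller, then validate the argument."""
    if caller_role not in ALLOWED_CALLER_ROLES:
        return {"status": 403, "caller": caller_role, "ran_as": None, "executed": []}
    if not INTERFACE_RE.fullmatch(interface):
        return {"status": 400, "caller": caller_role, "ran_as": None, "executed": []}
    executed = device_exec(f"show interface {interface}")
    return {"status": 200, "caller": caller_role, "ran_as": DEVICE_ROLE, "executed": executed}


if __name__ == "__main__":
    # A low-privileged controller user smuggles a second command after the interface name.
    payload = "Ethernet1/1 ; configure terminal"
    print(show_interface_vulnerable("network-operator", payload))   # both commands run as network-admin
    print(show_interface_hardened("network-operator", payload))     # 403: caller not authorized
    print(show_interface_hardened("network-admin", payload))        # 400: argument fails the allowlist
    print(show_interface_hardened("network-admin", "Ethernet1/1"))  # 200: single, expected command
```

The point of the hardened version is that the two checks are independent: even an authorized caller cannot push an unexpected argument to the device, and an unauthorized caller is stopped before any argument is inspected. Validation is an allowlist on the exact shape the endpoint expects, not a denylist of separator characters.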
Affected Version(s)
Cisco Data Center Network Manager = 12.1(1)
Cisco Data Center Network Manager = 12.0.1a
Cisco Data Center Network Manager = 12.0.2d
News Articles
Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability [CVE-2024-20432]
CVE number = CVE-2024-20432 A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command...
3 months ago
References
CVSS V3.1
Timeline
- First article discovered by SystemTek
- Vulnerability published
- Vulnerability reserved