Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2024-20289

Disclosure Date: August 28, 2024
CVE-2024-20289
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. 

This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Cisco NX-OS Software 9.3(3)
Cisco NX-OS Software 9.3(4)
Cisco NX-OS Software 9.3(5)
Cisco NX-OS Software 9.3(6)
Cisco NX-OS Software 10.1(2)
Cisco NX-OS Software 10.1(1)
Cisco NX-OS Software 9.3(5w)
Cisco NX-OS Software 9.3(7)
Cisco NX-OS Software 9.3(7k)
Cisco NX-OS Software 10.2(1)
Cisco NX-OS Software 9.3(7a)
Cisco NX-OS Software 9.3(8)
Cisco NX-OS Software 10.2(1q)
Cisco NX-OS Software 10.2(2)
Cisco NX-OS Software 9.3(9)
Cisco NX-OS Software 10.1(2t)
Cisco NX-OS Software 10.2(3)
Cisco NX-OS Software 10.2(3t)
Cisco NX-OS Software 9.3(10)
Cisco NX-OS Software 10.2(2a)
Cisco NX-OS Software 10.3(1)
Cisco NX-OS Software 10.2(4)
Cisco NX-OS Software 10.3(2)
Cisco NX-OS Software 9.3(11)
Cisco NX-OS Software 10.3(3)
Cisco NX-OS Software 10.2(5)
Cisco NX-OS Software 9.3(12)
Cisco NX-OS Software 10.2(3v)
Cisco NX-OS Software 10.4(1)
Cisco NX-OS Software 10.3(99w)
Cisco NX-OS Software 10.2(6)
Cisco NX-OS Software 10.3(3w)
Cisco NX-OS Software 10.3(99x)
Cisco NX-OS Software 10.3(3o)
Cisco NX-OS Software 10.3(4)
Cisco NX-OS Software 10.3(3p)
Cisco NX-OS Software 10.3(4a)
Cisco NX-OS Software 10.4(2)
Cisco NX-OS Software 10.3(3q)
Cisco NX-OS Software 10.3(3x)
Cisco NX-OS Software 10.3(4g)
Cisco NX-OS Software 10.3(3r)
Cisco NX-OS System Software in ACI Mode 16.0(2h)
Cisco NX-OS System Software in ACI Mode 16.0(2j)
Cisco NX-OS System Software in ACI Mode 16.0(3d)
Cisco NX-OS System Software in ACI Mode 16.0(3e)
Cisco NX-OS System Software in ACI Mode 16.0(4c)
Cisco NX-OS System Software in ACI Mode 16.0(5h)
Cisco NX-OS System Software in ACI Mode 16.0(3g)
Cisco NX-OS System Software in ACI Mode 16.0(5j)
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • Cisco

Products

  • Cisco NX-OS Software,
  • Cisco NX-OS System Software in ACI Mode

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis