CVE-2024-20411

EPSS 0.04%
Published 28.08.2024 17:15:09
Last modified 29.08.2024 13:25:27
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device.

This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorcisco

≫

Product nx-os

Default Statusunknown

Version 9.2\(3\)

Status affected

Version 7.0\(3\)i5\(2\)

Status affected

Version 6.0\(2\)a8\(7a\)

Status affected

Version 7.0\(3\)i4\(5\)

Status affected

Version 6.0\(2\)a6\(1\)

Status affected

Version 7.0\(3\)i4\(6\)

Status affected

Version 7.0\(3\)i4\(3\)

Status affected

Version 9.2\(2v\)

Status affected

Version 6.0\(2\)a6\(5b\)

Status affected

Version 7.0\(3\)i4\(7\)

Status affected

Version 6.0\(2\)u6\(1a\)

Status affected

Version 7.0\(3\)i4\(1\)

Status affected

Version 7.0\(3\)i4\(8\)

Status affected

Version 7.0\(3\)i4\(2\)

Status affected

Version 7.0\(3\)im3\(1\)

Status affected

Version 6.0\(2\)u6\(5a\)

Status affected

Version 6.0\(2\)a8\(11\)

Status affected

Version 6.0\(2\)a6\(4a\)

Status affected

Version 9.2\(1\)

Status affected

Version 9.2\(2t\)

Status affected

Version 9.2\(3y\)

Status affected

Version 7.0\(3\)i4\(1t\)

Status affected

Version 6.0\(2\)u6\(5c\)

Status affected

Version 6.0\(2\)a6\(4\)

Status affected

Version 7.0\(3\)i7\(6z\)

Status affected

Version 9.3\(2\)

Status affected

Version 7.0\(3\)f3\(3\)

Status affected

Version 6.0\(2\)u6\(6\)

Status affected

Version 7.0\(3\)i7\(3z\)

Status affected

Version 7.0\(3\)im7\(2\)

Status affected

Version 6.0\(2\)a8\(11b\)

Status affected

Version 7.0\(3\)i7\(5a\)

Status affected

Version 7.0\(3\)i6\(1\)

Status affected

Version 6.0\(2\)u6\(10\)

Status affected

Version 7.0\(3\)im3\(2\)

Status affected

Version 6.0\(2\)a6\(8\)

Status affected

Version 6.0\(2\)u6\(1\)

Status affected

Version 7.0\(3\)i5\(3b\)

Status affected

Version 6.0\(2\)a6\(2a\)

Status affected

Version 6.0\(2\)u6\(7\)

Status affected

Version 9.2\(4\)

Status affected

Version 7.0\(3\)im3\(2a\)

Status affected

Version 6.0\(2\)a8\(10\)

Status affected

Version 6.0\(2\)a8\(2\)

Status affected

Version 7.0\(3\)ic4\(4\)

Status affected

Version 6.0\(2\)a6\(3\)

Status affected

Version 6.0\(2\)u6\(5b\)

Status affected

Version 7.0\(3\)f3\(3c\)

Status affected

Version 7.0\(3\)f3\(1\)

Status affected

Version 6.0\(2\)u6\(5\)

Status affected

Version 7.0\(3\)f3\(5\)

Status affected

Version 6.0\(2\)a6\(7\)

Status affected

Version 7.0\(3\)i7\(2\)

Status affected

Version 6.0\(2\)a6\(5\)

Status affected

Version 7.0\(3\)im3\(2b\)

Status affected

Version 6.0\(2\)u6\(4a\)

Status affected

Version 7.0\(3\)i5\(3\)

Status affected

Version 7.0\(3\)i7\(3\)

Status affected

Version 6.0\(2\)a8\(6\)

Status affected

Version 7.0\(3\)i6\(2\)

Status affected

Version 6.0\(2\)a8\(5\)

Status affected

Version 6.0\(2\)u6\(8\)

Status affected

Version 7.0\(3\)im3\(3\)

Status affected

Version 9.3\(1\)

Status affected

Version 6.0\(2\)u6\(2\)

Status affected

Version 6.0\(2\)a8\(7\)

Status affected

Version 7.0\(3\)i7\(6\)

Status affected

Version 6.0\(2\)u6\(3a\)

Status affected

Version 6.0\(2\)a8\(11a\)

Status affected

Version 7.0\(3\)i4\(8z\)

Status affected

Version 7.0\(3\)i4\(9\)

Status affected

Version 7.0\(3\)i7\(4\)

Status affected

Version 7.0\(3\)i7\(7\)

Status affected

Version 6.0\(2\)a8\(9\)

Status affected

Version 6.0\(2\)a8\(1\)

Status affected

Version 6.0\(2\)a6\(6\)

Status affected

Version 6.0\(2\)a8\(10a\)

Status affected

Version 7.0\(3\)i5\(1\)

Status affected

Version 9.3\(1z\)

Status affected

Version 9.2\(2\)

Status affected

Version 7.0\(3\)f3\(4\)

Status affected

Version 7.0\(3\)i4\(8b\)

Status affected

Version 6.0\(2\)a8\(3\)

Status affected

Version 7.0\(3\)i4\(6t\)

Status affected

Version 7.0\(3\)i5\(3a\)

Status affected

Version 6.0\(2\)a8\(8\)

Status affected

Version 7.0\(3\)i7\(5\)

Status affected

Version 7.0\(3\)f3\(3a\)

Status affected

Version 6.0\(2\)a8\(4\)

Status affected

Version 6.0\(2\)a6\(3a\)

Status affected

Version 6.0\(2\)a6\(5a\)

Status affected

Version 7.0\(3\)f2\(1\)

Status affected

Version 7.0\(3\)i4\(8a\)

Status affected

Version 6.0\(2\)u6\(9\)

Status affected

Version 7.0\(3\)f3\(2\)

Status affected

Version 6.0\(2\)u6\(2a\)

Status affected

Version 7.0\(3\)i4\(4\)

Status affected

Version 6.0\(2\)u6\(3\)

Status affected

Version 7.0\(3\)i7\(1\)

Status affected

Version 7.0\(3\)f2\(2\)

Status affected

Version 7.0\(3\)ia7\(2\)

Status affected

Version 7.0\(3\)ia7\(1\)

Status affected

Version 6.0\(2\)a8\(7b\)

Status affected

Version 7.0\(3\)f1\(1\)

Status affected

Version 6.0\(2\)a6\(1a\)

Status affected

Version 6.0\(2\)a6\(2\)

Status affected

Version 6.0\(2\)a8\(4a\)

Status affected

Version 6.0\(2\)u6\(4\)

Status affected

Version 9.3\(3\)

Status affected

Version 7.0\(3\)i7\(8\)

Status affected

Version 6.0\(2\)u6\(10a\)

Status affected

Version 9.3\(4\)

Status affected

Version 9.3\(5\)

Status affected

Version 7.0\(3\)i7\(9\)

Status affected

Version 9.3\(6\)

Status affected

Version 10.1\(2\)

Status affected

Version 10.1\(1\)

Status affected

Version 9.3\(5w\)

Status affected

Version 9.3\(7\)

Status affected

Version 9.3\(7k\)

Status affected

Version 7.0\(3\)i7\(9w\)

Status affected

Version 10.2\(1\)

Status affected

Version 9.3\(7a\)

Status affected

Version 9.3\(8\)

Status affected

Version 7.0\(3\)i7\(10\)

Status affected

Version 10.2\(1q\)

Status affected

Version 10.2\(2\)

Status affected

Version 9.3\(9\)

Status affected

Version 10.1\(2t\)

Status affected

Version 10.2\(3\)

Status affected

Version 10.2\(3t\)

Status affected

Version 9.3\(10\)

Status affected

Version 10.2\(2a\)

Status affected

Version 10.3\(1\)

Status affected

Version 10.2\(4\)

Status affected

Version 10.3\(2\)

Status affected

Version 9.3\(11\)

Status affected

Version 10.3\(3\)

Status affected

Version 10.2\(5\)

Status affected

Version 9.3\(12\)

Status affected

Version 10.2\(3v\)

Status affected

Version 10.4\(1\)

Status affected

Version 10.3\(99w\)

Status affected

Version 10.2\(6\)

Status affected

Version 10.3\(3w\)

Status affected

Version 10.3\(99x\)

Status affected

Version 10.3\(3o\)

Status affected

Version 10.3\(4\)

Status affected

Version 10.3\(3p\)

Status affected

Version 10.3\(4a\)

Status affected

Version 10.4\(2\)

Status affected

Version 10.3\(3q\)

Status affected

Version 9.3\(13\)

Status affected

Version 10.2\(7\)

Status affected

Version 10.3\(3x\)

Status affected

Version 10.3\(4g\)

Status affected

Version 10.3\(3r\)

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.108

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@cisco.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-267 Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7

https://nvd.nist.gov/vuln/detail/CVE-2024-20411

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20411

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20411

EUVD