CVE-2024-20413

EPSS 0.04%
Veröffentlicht 28.08.2024 17:15:09
Zuletzt bearbeitet 29.08.2024 13:25:27
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device.

This vulnerability is due to insufficient security restrictions when executing application arguments from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to create new users with the privileges of network-admin.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellercisco

≫

Produkt nx-os

Default Statusunknown

Version 9.2\(3\)

Status affected

Version 7.0\(3\)i5\(2\)

Status affected

Version 6.0\(2\)a8\(7a\)

Status affected

Version 7.0\(3\)i4\(5\)

Status affected

Version 6.0\(2\)a6\(1\)

Status affected

Version 7.0\(3\)i4\(6\)

Status affected

Version 7.0\(3\)i4\(3\)

Status affected

Version 9.2\(2v\)

Status affected

Version 6.0\(2\)a6\(5b\)

Status affected

Version 7.0\(3\)i4\(7\)

Status affected

Version 6.0\(2\)u6\(1a\)

Status affected

Version 7.0\(3\)i4\(1\)

Status affected

Version 7.0\(3\)i4\(8\)

Status affected

Version 7.0\(3\)i4\(2\)

Status affected

Version 7.0\(3\)im3\(1\)

Status affected

Version 6.0\(2\)u6\(5a\)

Status affected

Version 6.0\(2\)a8\(11\)

Status affected

Version 6.0\(2\)a6\(4a\)

Status affected

Version 9.2\(1\)

Status affected

Version 9.2\(2t\)

Status affected

Version 9.2\(3y\)

Status affected

Version 7.0\(3\)i4\(1t\)

Status affected

Version 6.0\(2\)u6\(5c\)

Status affected

Version 6.0\(2\)a6\(4\)

Status affected

Version 7.0\(3\)i7\(6z\)

Status affected

Version 9.3\(2\)

Status affected

Version 7.0\(3\)f3\(3\)

Status affected

Version 6.0\(2\)u6\(6\)

Status affected

Version 7.0\(3\)i7\(3z\)

Status affected

Version 7.0\(3\)im7\(2\)

Status affected

Version 6.0\(2\)a8\(11b\)

Status affected

Version 7.0\(3\)i7\(5a\)

Status affected

Version 7.0\(3\)i6\(1\)

Status affected

Version 6.0\(2\)u6\(10\)

Status affected

Version 7.0\(3\)im3\(2\)

Status affected

Version 6.0\(2\)a6\(8\)

Status affected

Version 6.0\(2\)u6\(1\)

Status affected

Version 7.0\(3\)i5\(3b\)

Status affected

Version 6.0\(2\)a6\(2a\)

Status affected

Version 6.0\(2\)u6\(7\)

Status affected

Version 9.2\(4\)

Status affected

Version 7.0\(3\)im3\(2a\)

Status affected

Version 6.0\(2\)a8\(10\)

Status affected

Version 6.0\(2\)a8\(2\)

Status affected

Version 7.0\(3\)ic4\(4\)

Status affected

Version 6.0\(2\)a6\(3\)

Status affected

Version 6.0\(2\)u6\(5b\)

Status affected

Version 7.0\(3\)f3\(3c\)

Status affected

Version 7.0\(3\)f3\(1\)

Status affected

Version 6.0\(2\)u6\(5\)

Status affected

Version 7.0\(3\)f3\(5\)

Status affected

Version 6.0\(2\)a6\(7\)

Status affected

Version 7.0\(3\)i7\(2\)

Status affected

Version 6.0\(2\)a6\(5\)

Status affected

Version 7.0\(3\)im3\(2b\)

Status affected

Version 6.0\(2\)u6\(4a\)

Status affected

Version 7.0\(3\)i5\(3\)

Status affected

Version 7.0\(3\)i7\(3\)

Status affected

Version 6.0\(2\)a8\(6\)

Status affected

Version 7.0\(3\)i6\(2\)

Status affected

Version 6.0\(2\)a8\(5\)

Status affected

Version 6.0\(2\)u6\(8\)

Status affected

Version 7.0\(3\)im3\(3\)

Status affected

Version 9.3\(1\)

Status affected

Version 6.0\(2\)u6\(2\)

Status affected

Version 6.0\(2\)a8\(7\)

Status affected

Version 7.0\(3\)i7\(6\)

Status affected

Version 6.0\(2\)u6\(3a\)

Status affected

Version 6.0\(2\)a8\(11a\)

Status affected

Version 7.0\(3\)i4\(8z\)

Status affected

Version 7.0\(3\)i4\(9\)

Status affected

Version 7.0\(3\)i7\(4\)

Status affected

Version 7.0\(3\)i7\(7\)

Status affected

Version 6.0\(2\)a8\(9\)

Status affected

Version 6.0\(2\)a8\(1\)

Status affected

Version 6.0\(2\)a6\(6\)

Status affected

Version 6.0\(2\)a8\(10a\)

Status affected

Version 7.0\(3\)i5\(1\)

Status affected

Version 9.3\(1z\)

Status affected

Version 9.2\(2\)

Status affected

Version 7.0\(3\)f3\(4\)

Status affected

Version 7.0\(3\)i4\(8b\)

Status affected

Version 6.0\(2\)a8\(3\)

Status affected

Version 7.0\(3\)i4\(6t\)

Status affected

Version 7.0\(3\)i5\(3a\)

Status affected

Version 6.0\(2\)a8\(8\)

Status affected

Version 7.0\(3\)i7\(5\)

Status affected

Version 7.0\(3\)f3\(3a\)

Status affected

Version 6.0\(2\)a8\(4\)

Status affected

Version 6.0\(2\)a6\(3a\)

Status affected

Version 6.0\(2\)a6\(5a\)

Status affected

Version 7.0\(3\)f2\(1\)

Status affected

Version 7.0\(3\)i4\(8a\)

Status affected

Version 6.0\(2\)u6\(9\)

Status affected

Version 7.0\(3\)f3\(2\)

Status affected

Version 6.0\(2\)u6\(2a\)

Status affected

Version 7.0\(3\)i4\(4\)

Status affected

Version 6.0\(2\)u6\(3\)

Status affected

Version 7.0\(3\)i7\(1\)

Status affected

Version 7.0\(3\)f2\(2\)

Status affected

Version 7.0\(3\)ia7\(2\)

Status affected

Version 7.0\(3\)ia7\(1\)

Status affected

Version 6.0\(2\)a8\(7b\)

Status affected

Version 7.0\(3\)f1\(1\)

Status affected

Version 6.0\(2\)a6\(1a\)

Status affected

Version 6.0\(2\)a6\(2\)

Status affected

Version 6.0\(2\)a8\(4a\)

Status affected

Version 6.0\(2\)u6\(4\)

Status affected

Version 9.3\(3\)

Status affected

Version 7.0\(3\)i7\(8\)

Status affected

Version 6.0\(2\)u6\(10a\)

Status affected

Version 9.3\(4\)

Status affected

Version 9.3\(5\)

Status affected

Version 7.0\(3\)i7\(9\)

Status affected

Version 9.3\(6\)

Status affected

Version 10.1\(2\)

Status affected

Version 10.1\(1\)

Status affected

Version 9.3\(5w\)

Status affected

Version 9.3\(7\)

Status affected

Version 9.3\(7k\)

Status affected

Version 7.0\(3\)i7\(9w\)

Status affected

Version 10.2\(1\)

Status affected

Version 9.3\(7a\)

Status affected

Version 9.3\(8\)

Status affected

Version 7.0\(3\)i7\(10\)

Status affected

Version 10.2\(1q\)

Status affected

Version 10.2\(2\)

Status affected

Version 9.3\(9\)

Status affected

Version 10.1\(2t\)

Status affected

Version 10.2\(3\)

Status affected

Version 10.2\(3t\)

Status affected

Version 9.3\(10\)

Status affected

Version 10.2\(2a\)

Status affected

Version 10.3\(1\)

Status affected

Version 10.2\(4\)

Status affected

Version 10.3\(2\)

Status affected

Version 9.3\(11\)

Status affected

Version 10.3\(3\)

Status affected

Version 10.2\(5\)

Status affected

Version 9.3\(12\)

Status affected

Version 10.2\(3v\)

Status affected

Version 10.4\(1\)

Status affected

Version 10.3\(99w\)

Status affected

Version 10.2\(6\)

Status affected

Version 10.3\(3w\)

Status affected

Version 10.3\(99x\)

Status affected

Version 10.3\(3o\)

Status affected

Version 10.3\(4\)

Status affected

Version 10.3\(3p\)

Status affected

Version 10.3\(4a\)

Status affected

Version 10.4\(2\)

Status affected

Version 10.3\(3q\)

Status affected

Version 9.3\(13\)

Status affected

Version 10.2\(7\)

Status affected

Version 10.3\(3x\)

Status affected

Version 10.3\(4g\)

Status affected

Version 10.3\(3r\)

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.133

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7

https://nvd.nist.gov/vuln/detail/CVE-2024-20413

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20413

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20413

EUVD