CVE-2024-20413

EPSS 0.04%
Published 28.08.2024 17:15:09
Last modified 29.08.2024 13:25:27
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device.

This vulnerability is due to insufficient security restrictions when executing application arguments from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to create new users with the privileges of network-admin.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorcisco

≫

Product nx-os

Default Statusunknown

Version 9.2\(3\)

Status affected

Version 7.0\(3\)i5\(2\)

Status affected

Version 6.0\(2\)a8\(7a\)

Status affected

Version 7.0\(3\)i4\(5\)

Status affected

Version 6.0\(2\)a6\(1\)

Status affected

Version 7.0\(3\)i4\(6\)

Status affected

Version 7.0\(3\)i4\(3\)

Status affected

Version 9.2\(2v\)

Status affected

Version 6.0\(2\)a6\(5b\)

Status affected

Version 7.0\(3\)i4\(7\)

Status affected

Version 6.0\(2\)u6\(1a\)

Status affected

Version 7.0\(3\)i4\(1\)

Status affected

Version 7.0\(3\)i4\(8\)

Status affected

Version 7.0\(3\)i4\(2\)

Status affected

Version 7.0\(3\)im3\(1\)

Status affected

Version 6.0\(2\)u6\(5a\)

Status affected

Version 6.0\(2\)a8\(11\)

Status affected

Version 6.0\(2\)a6\(4a\)

Status affected

Version 9.2\(1\)

Status affected

Version 9.2\(2t\)

Status affected

Version 9.2\(3y\)

Status affected

Version 7.0\(3\)i4\(1t\)

Status affected

Version 6.0\(2\)u6\(5c\)

Status affected

Version 6.0\(2\)a6\(4\)

Status affected

Version 7.0\(3\)i7\(6z\)

Status affected

Version 9.3\(2\)

Status affected

Version 7.0\(3\)f3\(3\)

Status affected

Version 6.0\(2\)u6\(6\)

Status affected

Version 7.0\(3\)i7\(3z\)

Status affected

Version 7.0\(3\)im7\(2\)

Status affected

Version 6.0\(2\)a8\(11b\)

Status affected

Version 7.0\(3\)i7\(5a\)

Status affected

Version 7.0\(3\)i6\(1\)

Status affected

Version 6.0\(2\)u6\(10\)

Status affected

Version 7.0\(3\)im3\(2\)

Status affected

Version 6.0\(2\)a6\(8\)

Status affected

Version 6.0\(2\)u6\(1\)

Status affected

Version 7.0\(3\)i5\(3b\)

Status affected

Version 6.0\(2\)a6\(2a\)

Status affected

Version 6.0\(2\)u6\(7\)

Status affected

Version 9.2\(4\)

Status affected

Version 7.0\(3\)im3\(2a\)

Status affected

Version 6.0\(2\)a8\(10\)

Status affected

Version 6.0\(2\)a8\(2\)

Status affected

Version 7.0\(3\)ic4\(4\)

Status affected

Version 6.0\(2\)a6\(3\)

Status affected

Version 6.0\(2\)u6\(5b\)

Status affected

Version 7.0\(3\)f3\(3c\)

Status affected

Version 7.0\(3\)f3\(1\)

Status affected

Version 6.0\(2\)u6\(5\)

Status affected

Version 7.0\(3\)f3\(5\)

Status affected

Version 6.0\(2\)a6\(7\)

Status affected

Version 7.0\(3\)i7\(2\)

Status affected

Version 6.0\(2\)a6\(5\)

Status affected

Version 7.0\(3\)im3\(2b\)

Status affected

Version 6.0\(2\)u6\(4a\)

Status affected

Version 7.0\(3\)i5\(3\)

Status affected

Version 7.0\(3\)i7\(3\)

Status affected

Version 6.0\(2\)a8\(6\)

Status affected

Version 7.0\(3\)i6\(2\)

Status affected

Version 6.0\(2\)a8\(5\)

Status affected

Version 6.0\(2\)u6\(8\)

Status affected

Version 7.0\(3\)im3\(3\)

Status affected

Version 9.3\(1\)

Status affected

Version 6.0\(2\)u6\(2\)

Status affected

Version 6.0\(2\)a8\(7\)

Status affected

Version 7.0\(3\)i7\(6\)

Status affected

Version 6.0\(2\)u6\(3a\)

Status affected

Version 6.0\(2\)a8\(11a\)

Status affected

Version 7.0\(3\)i4\(8z\)

Status affected

Version 7.0\(3\)i4\(9\)

Status affected

Version 7.0\(3\)i7\(4\)

Status affected

Version 7.0\(3\)i7\(7\)

Status affected

Version 6.0\(2\)a8\(9\)

Status affected

Version 6.0\(2\)a8\(1\)

Status affected

Version 6.0\(2\)a6\(6\)

Status affected

Version 6.0\(2\)a8\(10a\)

Status affected

Version 7.0\(3\)i5\(1\)

Status affected

Version 9.3\(1z\)

Status affected

Version 9.2\(2\)

Status affected

Version 7.0\(3\)f3\(4\)

Status affected

Version 7.0\(3\)i4\(8b\)

Status affected

Version 6.0\(2\)a8\(3\)

Status affected

Version 7.0\(3\)i4\(6t\)

Status affected

Version 7.0\(3\)i5\(3a\)

Status affected

Version 6.0\(2\)a8\(8\)

Status affected

Version 7.0\(3\)i7\(5\)

Status affected

Version 7.0\(3\)f3\(3a\)

Status affected

Version 6.0\(2\)a8\(4\)

Status affected

Version 6.0\(2\)a6\(3a\)

Status affected

Version 6.0\(2\)a6\(5a\)

Status affected

Version 7.0\(3\)f2\(1\)

Status affected

Version 7.0\(3\)i4\(8a\)

Status affected

Version 6.0\(2\)u6\(9\)

Status affected

Version 7.0\(3\)f3\(2\)

Status affected

Version 6.0\(2\)u6\(2a\)

Status affected

Version 7.0\(3\)i4\(4\)

Status affected

Version 6.0\(2\)u6\(3\)

Status affected

Version 7.0\(3\)i7\(1\)

Status affected

Version 7.0\(3\)f2\(2\)

Status affected

Version 7.0\(3\)ia7\(2\)

Status affected

Version 7.0\(3\)ia7\(1\)

Status affected

Version 6.0\(2\)a8\(7b\)

Status affected

Version 7.0\(3\)f1\(1\)

Status affected

Version 6.0\(2\)a6\(1a\)

Status affected

Version 6.0\(2\)a6\(2\)

Status affected

Version 6.0\(2\)a8\(4a\)

Status affected

Version 6.0\(2\)u6\(4\)

Status affected

Version 9.3\(3\)

Status affected

Version 7.0\(3\)i7\(8\)

Status affected

Version 6.0\(2\)u6\(10a\)

Status affected

Version 9.3\(4\)

Status affected

Version 9.3\(5\)

Status affected

Version 7.0\(3\)i7\(9\)

Status affected

Version 9.3\(6\)

Status affected

Version 10.1\(2\)

Status affected

Version 10.1\(1\)

Status affected

Version 9.3\(5w\)

Status affected

Version 9.3\(7\)

Status affected

Version 9.3\(7k\)

Status affected

Version 7.0\(3\)i7\(9w\)

Status affected

Version 10.2\(1\)

Status affected

Version 9.3\(7a\)

Status affected

Version 9.3\(8\)

Status affected

Version 7.0\(3\)i7\(10\)

Status affected

Version 10.2\(1q\)

Status affected

Version 10.2\(2\)

Status affected

Version 9.3\(9\)

Status affected

Version 10.1\(2t\)

Status affected

Version 10.2\(3\)

Status affected

Version 10.2\(3t\)

Status affected

Version 9.3\(10\)

Status affected

Version 10.2\(2a\)

Status affected

Version 10.3\(1\)

Status affected

Version 10.2\(4\)

Status affected

Version 10.3\(2\)

Status affected

Version 9.3\(11\)

Status affected

Version 10.3\(3\)

Status affected

Version 10.2\(5\)

Status affected

Version 9.3\(12\)

Status affected

Version 10.2\(3v\)

Status affected

Version 10.4\(1\)

Status affected

Version 10.3\(99w\)

Status affected

Version 10.2\(6\)

Status affected

Version 10.3\(3w\)

Status affected

Version 10.3\(99x\)

Status affected

Version 10.3\(3o\)

Status affected

Version 10.3\(4\)

Status affected

Version 10.3\(3p\)

Status affected

Version 10.3\(4a\)

Status affected

Version 10.4\(2\)

Status affected

Version 10.3\(3q\)

Status affected

Version 9.3\(13\)

Status affected

Version 10.2\(7\)

Status affected

Version 10.3\(3x\)

Status affected

Version 10.3\(4g\)

Status affected

Version 10.3\(3r\)

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.133

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@cisco.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7

https://nvd.nist.gov/vuln/detail/CVE-2024-20413

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20413

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20413

EUVD