CVE-2024-20289

Summary

CVE-2024-20289 is a vulnerability in the CLI of Cisco NX-OS Software that allows an authenticated, low-privileged local attacker to execute arbitrary commands on the device's underlying operating system due to improper input validation. Affected products include various models of Cisco NX-OS Software, which could be exploited through crafted command arguments. Remediation involves updating to the latest software versions provided by Cisco, as they address this security flaw. The potential danger posed by this vulnerability includes unauthorized command execution, which can compromise system integrity and lead to broader security risks within an organization. Its severity is rated medium, with a CVSS base score of 4.4, indicating that while it requires low privileges for exploitation, it still poses a notable threat if left unaddressed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.