CVE-2024-20449

Summary

CVE-2024-20449 is a vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) that allows an authenticated, remote attacker with low privileges to execute arbitrary code on affected devices. The issue arises from improper path validation, enabling attackers to exploit it via the Secure Copy Protocol (SCP) and path traversal techniques. This could lead to code execution within a specific container with root-level privileges, potentially compromising the integrity and confidentiality of the system. Affected products include various models of the NDFC, which are at high risk due to the low complexity of exploitation and significant impact on confidentiality, integrity, and availability. Organizations are advised to apply relevant patches or updates from Cisco as a remediation step.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.