CVE-2024-20536

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 6, 2024

CWE ID 89

Summary

CVE-2024-20536 is a vulnerability affecting the REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC). This issue allows authenticated, remote attackers with read-only privileges to execute arbitrary SQL commands on an affected device due to insufficient input validation. A successful exploit could enable an attacker to read, modify, or delete data from an internal database, potentially impacting the device's availability. Attackers could exploit this vulnerability by sending crafted requests to specific endpoints.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0RZMSL
https://www.cve.org/CVERecord?id=CVE-2024-20536
https://nvd.nist.gov/vuln/detail/CVE-2024-20536

Back to Vulnerability Database

CVE-2024-20536

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations