CVE-2024-20444

{"id": "CVE-2024-20444", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.2}]}, "published": "2024-10-02T17:15:16.390", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-raci-T46k3jnN", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-88"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device.\r\n \r\nThis vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Nexus Dashboard Fabric Controller (NDFC), anteriormente Cisco Data Center Network Manager (DCNM), podr\u00eda permitir que un atacante remoto autenticado con privilegios de administrador de red realice un ataque de inyecci\u00f3n de comandos contra un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los argumentos de los comandos. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando argumentos de comandos manipulados a un endpoint de API REST espec\u00edfico. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante sobrescribir archivos confidenciales o bloquear un contenedor espec\u00edfico, que se reiniciar\u00eda por s\u00ed solo, lo que provocar\u00eda una condici\u00f3n de denegaci\u00f3n de servicio (DoS) de bajo impacto."}], "lastModified": "2024-10-08T15:26:38.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E78B4AC-793B-4405-896F-31398AF7CBD2", "versionEndExcluding": "12.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}