Cisco NX-OS Command Injection Vulnerability

Added July 2, 2024 • Due July 23, 2024 • CVE-2024-20399

Overdue Cisco / NX-OS CWE-78

Description

Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP
https://nvd.nist.gov/vuln/detail/CVE-2024-20399

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 6 months, 3 weeks ago