CVE-2024-20444

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

Published: Oct 2, 2024 / Updated: 48d ago

010
CVSS 5.5EPSS 0.04%Medium
CVE info copied to clipboard

Summary

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint.

Impact

A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition. The vulnerability has a high impact on integrity and a low impact on availability, with no impact on confidentiality.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Cisco has released security updates to address this vulnerability.

Mitigation

1. Apply the security updates provided by Cisco as soon as possible. 2. Ensure that only trusted users have network-admin privileges. 3. Monitor and audit access to the REST API endpoint that could be used to exploit this vulnerability. 4. Implement network segmentation to limit the potential impact of an exploit. 5. Regularly review and update access control lists for administrative interfaces.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Timeline

First Article

Feedly found the first article mentioning CVE-2024-20444. See article

Oct 2, 2024 at 5:03 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 2, 2024 at 5:03 PM
CVE Assignment

NVD published the first details for CVE-2024-20444

Oct 2, 2024 at 5:15 PM
CVSS

A CVSS base score of 5.5 has been assigned.

Oct 2, 2024 at 5:21 PM / nvd
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Oct 3, 2024 at 10:10 AM
Static CVE Timeline Graph

Affected Systems

Cisco/nexus_dashboard_fabric_controller
+null more

Patches

sec.cloudapps.cisco.com
+null more

Attack Patterns

CAPEC-137: Parameter Injection
+null more

References

Critical to medium vulnerabilities fixed in several Cisco products
Summary: A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. Summary: A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device.This vulnerability is due to improper path validation.
Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device.   This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-raci-T46k3jnN Security Impact Rating: Medium CVE: CVE-2024-20444

News

cisco cisco-sa-ndfc-sqli-CyPPAxrL: Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
Development Last Updated: 11/7/2024 CVEs: CVE-2024-20490 , CVE-2024-20448 , CVE-2024-20444 , CVE-2024-20491 , CVE-2024-20449 , CVE-2024-20477 , CVE-2024-20536 , CVE-2024-20442 , CVE-2024-20441 , CVE-2024-20432 , CVE-2024-20385 , CVE-2024-20438
cveNotify : 🚨 CVE-2024-20444A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.🎖@cveNotify
cveNotify : 🚨 CVE-2024-20444A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.🎖@cveNotify
cveNotify : 🚨 CVE-2024-20444A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.🎖@cveNotify
cveNotify : 🚨 CVE-2024-20444A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.🎖@cveNotify
Security updates: Cisco patches flaws in products across the board - Heise
With a good dozen security advisories, Cisco is fixing a number of gaps in VPN routers, security appliances from the Meraki series, blade centers and the cloud network management "Nexus Dashboard". The bug allows an attacker with a valid user account to execute arbitrary code on a device managed by a vulnerable NDFC instance.
Multiple vulnerabilities in Cisco Nexus Dashboard Fabric Controller (NDFC)
The vulnerability allows a local attacker to gain access to potentially sensitive information. Subscribe Cisco Nexus Dashboard Fabric Controller (NDFC)
See 18 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:High
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:High
Availability Impact:Low

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI