CVE-2024-20449

Relative Path Traversal (CWE-23)

Published: Oct 2, 2024 / Updated: 48d ago

CVSS 8.8 (High) / EPSS 0.04%

Summary

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques.
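The mechanism described above, as an added illustration that is not NDFC's code and is not taken from the Cisco advisory: an upload handler that joins a client-supplied SCP destination onto an upload directory with no containment check (the CWE-23 pattern) beside a hardened version that normalizes the path and requires it to stay under the root. The upload root `/srv/ndfc-uploads`, the function names and the sample destinations are constructed for the example; the real NDFC component and directory are not described on this page. The hardened check goes beyond the single traversal case in the text: it also rejects absolute paths, embedded NUL bytes and the sibling-directory prefix trick (`../ndfc-uploads2/...`) that a bare `startswith(root)` test misses.

```python
import posixpath

# Constructed upload root for the demo (assumption): the real NDFC upload
# directory is not described in the advisory text on this page.
UPLOAD_ROOT = "/srv/ndfc-uploads"


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would leave the upload root."""


def vulnerable_resolve(upload_root: str, client_path: str) -> str:
    """The CWE-23 pattern: the client-controlled destination is joined onto the
    upload directory with no normalization and no containment check, so any
    '..' component walks out of upload_root."""
    return posixpath.join(upload_root, client_path)


def where_vulnerable_writes(upload_root: str, client_path: str) -> str:
    """Where the file would actually land for the vulnerable join, i.e. the
    path after '.' and '..' components are collapsed."""
    return posixpath.normpath(vulnerable_resolve(upload_root, client_path))


def hardened_resolve(upload_root: str, client_path: str) -> str:
    """Containment check: reject empty/absolute paths and NUL bytes, normalize
    the joined path, and require the result to stay strictly under upload_root.

    posixpath.normpath is a lexical normalization so the example runs offline
    against paths that do not exist. On a live system use os.path.realpath on
    both sides so a symlink inside the upload tree cannot redirect the write.
    """
    root = posixpath.normpath(upload_root)
    if not client_path or client_path.startswith("/") or "\x00" in client_path:
        raise PathTraversalError(f"rejected destination: {client_path!r}")
    candidate = posixpath.normpath(posixpath.join(root, client_path))
    # Compare against root + "/" rather than root: a bare prefix test would
    # accept a sibling directory such as /srv/ndfc-uploads2/.
    if not candidate.startswith(root + "/"):
        raise PathTraversalError(f"destination escapes upload root: {client_path!r}")
    return candidate


def is_contained(upload_root: str, client_path: str) -> bool:
    """True if hardened_resolve accepts client_path."""
    try:
        hardened_resolve(upload_root, client_path)
    except PathTraversalError:
        return False
    return True


# Constructed sample destinations an SCP client might send (assumption).
SAMPLE_DESTINATIONS = [
    "fabric1/config.cfg",         # benign
    "a/../b.txt",                 # '..' that stays inside the root
    "../../etc/cron.d/backdoor",  # classic relative traversal
    "foo/../../x",                # traversal hidden behind a real component
    "/etc/passwd",                # absolute path
    "../ndfc-uploads2/x",         # sibling-prefix trick
    "safe\x00../../x",            # embedded NUL
]


def demo(upload_root: str = UPLOAD_ROOT) -> list:
    """Return (destination, vulnerable_target, accepted_by_hardened) rows."""
    return [
        (dest, where_vulnerable_writes(upload_root, dest), is_contained(upload_root, dest))
        for dest in SAMPLE_DESTINATIONS
    ]


if __name__ == "__main__":
    for dest, target, ok in demo():
        print(f"{dest!r:32} vulnerable join lands at {target:30} hardened: {'accept' if ok else 'REJECT'}")
```

The table the demo prints is the practitioner's check: every destination that the vulnerable join resolves outside `/srv/ndfc-uploads` is rejected by the hardened version, while the benign names and the in-root `a/../b.txt` still pass.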

Impact

A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root. This vulnerability has high impact on confidentiality, integrity, and availability of the affected system. The vulnerability affects Cisco Nexus Dashboard Fabric Controller versions 12.0.0 through 12.2.2.

Exploitation

No public proof of concept has been observed, and there is no evidence of exploitation in the wild at the time of writing.

Patch

A patch is available. Cisco has released a security advisory with patch information, which can be found at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-ptrce-BUSHLbp

Mitigation

The vulnerability data does not include vendor-provided workarounds. Until the fixed release is applied, exposure can be reduced by restricting network access to the NDFC SCP service to trusted management hosts and by reviewing which accounts hold low-privilege NDFC roles, since the attack requires valid credentials. Applying the available patch as soon as possible is the only complete remedy.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-20449

Oct 2, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-20449.

Oct 2, 2024 at 5:18 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 2, 2024 at 5:19 PM
CVSS

A CVSS base score of 8.8 has been assigned.

Oct 2, 2024 at 5:21 PM / nvd
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Oct 3, 2024 at 10:10 AM
Threat Intelligence Report

CVE-2024-20449 is a directory traversal vulnerability in Cisco Nexus Dashboard Fabric Controller that allows an authenticated, remote attacker with low privileges to execute arbitrary code. Its CVSS exploitability sub-score is 2.8 (the sub-score tops out at about 3.9), reflecting low attack complexity, and its impact sub-score is high. The vulnerability arises from improper path validation, enabling exploitation via the Secure Copy Protocol (SCP) to upload malicious code. Affected versions range from 12.0.0 to 12.2.2; the article does not mention proof-of-concept exploits, mitigations, detections, patches, or downstream impacts on third-party vendors.

Oct 8, 2024 at 5:30 PM

Affected Systems

Cisco/nexus_dashboard_fabric_controller

Patches

sec.cloudapps.cisco.com

Attack Patterns

CAPEC-139: Relative Path Traversal

References

Critical to medium vulnerabilities fixed in several Cisco products
Summary: Covers multiple NDFC fixes, including a vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) that could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device, and CVE-2024-20449, a vulnerability in NDFC that could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device due to improper path validation.

News

cisco cisco-sa-ndfc-sqli-CyPPAxrL: Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
Development Last Updated: 11/7/2024 CVEs: CVE-2024-20490 , CVE-2024-20448 , CVE-2024-20444 , CVE-2024-20491 , CVE-2024-20449 , CVE-2024-20477 , CVE-2024-20536 , CVE-2024-20442 , CVE-2024-20441 , CVE-2024-20432 , CVE-2024-20385 , CVE-2024-20438
Cisco End-of-Month Security Updates Roundup for October 2024
Vulnerable products include the company’s Firepower Threat Defense (FTD) software, Secure Firewall Management Centre, Adaptive Security Appliance (ASA) and the Nexus Dashboard Fabric Controller – some of which we have featured in our ‘Known Exploited Vulnerability’ (KEV) roundups in blog posts earlier this month. The Cisco security advisories issued in October 2024 include high-priority fixes for critical Command Injection and Remote Command Execution (RCE) vulnerabilities in the company’s products.
Vulnerability Summary for the Week of September 30, 2024
High Vulnerabilities (excerpt) – Cisco / Cisco Data Center Network Manager: A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment. Published 2024-10-02, CVSS 9.9, CVE-2024-20432 (source: ykramarz@cisco.com).
October 2024 Threat Advisory – Top 5
[ Critical ] – CVE-2024-9464 – An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. [ Critical ] – CVE-2024-9463 – An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Security Bulletin 09 Oct 2024 - Cyber Security Agency of Singapore
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chart Builder Team Chartify allows ...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
