Imechapishwa: Oct 07, 2024 14:49
Advisory No: TZCERT-SA-24-0030
Source: Cisco
Software Affected: Cisco Nexus Dashboard Fabric Controller
Cisco Nexus Dashboard Fabric Controller is affected by a critical vulnerability. The vulnerability could allow a remote attacker to perform a command injection against the affected device.
Cisco Nexus Dashboard Fabric Controller is affected by a critical vulnerability tracked as CVE-2024-20432 with a base score of 9.9. The vulnerability is due to improper user authorization and insufficient validation of command arguments. The vulnerabilities allow the attacker to submit crafted commands to an affected REST API endpoint or through the web UI. Upon successful submission, the attacker could execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network admin privileges.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
Cisco has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.