A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-Lq6jsZhH
This advisory is part of the August 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.
Security Impact Rating: Medium
CVE: CVE-2024-20289
Source:: Cisco Security Advisories