2024年7月5日星期五

Cisco NX-OS Remote Code Execution Vulnerability

Release Date: 5 Jul 2024

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

A vulnerability has been identified in Cisco NX-OS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition.

Note:

The CVE-2024-20399 vulnerability is being exploited in the wild. This vulnerability could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device.

To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.

Impact

Remote Code Execution

System / Technologies affected

MDS 9000 Series Multilayer Switches
Nexus 3000 Series Switches
Nexus 5500 Platform Switches
Nexus 5600 Platform Switches
Nexus 6000 Series Switches
Nexus 7000 Series Switches
Nexus 9000 Series Switches in standalone NX-OS mode

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP

Vulnerability Identifier

CVE-2024-20399

Source

Cisco

2024年7月5日星期五

Cisco NX-OS Remote Code Execution Vulnerability

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link

沒有留言:

發佈留言

Adobe 每月保安更新 (2025年7月)

舉報濫用