Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2024-20411, CVE-2024-20413 |
CWE-ID | CWE-267, CWE-862 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Cisco NX-OS (Operating systems & Components / Operating system); Cisco Nexus 3000 Series Switches (Hardware solutions / Routers & switches, VoIP, GSM, etc); Cisco Nexus 9000 Series Switches NX-OS Mode (Hardware solutions / Routers & switches, VoIP, GSM, etc) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU96607
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20411
CWE-ID: CWE-267 - Privilege Defined With Unsafe Actions
Exploit availability: No
Description: The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to insufficient security restrictions when executing commands from the Bash shell. A local administrator can execute arbitrary code with the privileges of root.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Cisco NX-OS: 6.0(2)A6(1) - 10.4(2)
Cisco Nexus 3000 Series Switches: All versions
Cisco Nexus 9000 Series Switches NX-OS Mode: All versions
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96608
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20413
CWE-ID: CWE-862 - Missing Authorization
Exploit availability: No
Description: The vulnerability allows a local user to bypass authorization checks.
The vulnerability exists due to insufficient security restrictions when executing application arguments from the Bash shell. A local administrator can create new users with the privileges of network-admin.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Cisco NX-OS: 6.0(2)A6(1) - 10.4(3)
Cisco Nexus 3000 Series Switches: All versions
Cisco Nexus 9000 Series Switches NX-OS Mode: All versions
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.