D-Link DIR-859 Router Vulnerability Actively Exploited by Threat Actors
July 2, 2024Juniper Networks Issues Critical Security Update for Routers
July 2, 2024D-Link DIR-859 Router Vulnerability Actively Exploited by Threat Actors
July 2, 2024Juniper Networks Issues Critical Security Update for Routers
July 2, 2024Severity
Medium
Analysis Summary
CVE-2024-20399
Cisco NX-OS Software could allow a local authenticated authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of arguments that are passed to specific configuration CLI commands. By sending a specially crafted input, an attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system with the privileges of root.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-20399
Affected Vendors
Affected Products
- Cisco Nexus 6000 Series Switches
- Cisco Nexus 5500 Platform Switches
- Cisco Nexus 5600 Platform Switches
- Cisco Nexus 7000 Series Switches
- Cisco Nexus 3000 Series Switches N3K-C3164Q
- Cisco Nexus 9000 Series Switches in standalone NX-OS mode 9.3(6)
- Cisco NX-OS Software 6.0(2)A6(1)
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.