Severity
High
Analysis Summary
CVE-2024-20536 CVSS:8.8
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface.
CVE-2024-20418 CVSS:10.0
Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points contains a command injection vulnerability that could allow a remote attacker to execute arbitrary commands on the system. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system with root privileges.
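Both flaws summarized above belong to the same bug class: user-supplied input from an HTTP request reaches an interpreter (SQL in the NDFC case, an OS shell in the URWB case) without sufficient validation. The following example is added here for illustration and is not Cisco code, nor is it derived from either advisory; it shows each pattern in a toy, constructed handler in its vulnerable form beside a hardened form that validates the input's shape and keeps it out of the interpreter's syntax. Table names, endpoint behaviour, and sample inputs are all constructed for this example.

```python
"""
Illustrative example (added; not Cisco code and not derived from the advisories):
the two bug classes named in the summary, SQL injection and OS command injection
from insufficiently validated request input, each shown as a vulnerable handler
beside a hardened one. Every name and sample value here is constructed.
"""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory inventory table standing in for the application's DB.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?)",
        [("leaf-01", "leaf"), ("spine-01", "spine"), ("mgmt-01", "admin")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, role: str) -> list:
    # Vulnerable pattern: the request parameter is concatenated into the SQL
    # text, so a low-privilege caller controls the statement, not just a value.
    sql = f"SELECT name FROM devices WHERE role = '{role}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn: sqlite3.Connection, role: str) -> list:
    # Hardened pattern: reject anything that is not a plausible role name, then
    # bind the value as a parameter so the database never parses it as SQL.
    if not re.fullmatch(r"[a-z]{1,16}", role):
        raise ValueError("invalid role")
    rows = conn.execute("SELECT name FROM devices WHERE role = ?", (role,))
    return [row[0] for row in rows]


def ping_command_vulnerable(host: str) -> str:
    # Vulnerable pattern: the host from the request is spliced into a string
    # that would be handed to a shell, so shell metacharacters change the command.
    return f"ping -c 1 {host}"


def ping_argv_hardened(host: str) -> list:
    # Hardened pattern: validate the host against a strict character set and
    # build an argv list, so the value is a single argument and no shell is used.
    if not re.fullmatch(r"[A-Za-z0-9.-]{1,253}", host):
        raise ValueError("invalid host")
    return ["ping", "-c", "1", host]


def rejects(fn, *args) -> bool:
    # Returns True when the hardened handler refuses the input with ValueError.
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    injected_role = "leaf' OR '1'='1"
    print("vulnerable lookup:", lookup_vulnerable(conn, injected_role))
    print("hardened rejects it:", rejects(lookup_hardened, conn, injected_role))
    injected_host = "10.0.0.1; id"
    print("vulnerable command:", ping_command_vulnerable(injected_host))
    print("hardened rejects it:", rejects(ping_argv_hardened, injected_host))
```

The hardened variants deliberately combine two controls, an allowlist on the input's shape and a data path that never lets the interpreter see the input as syntax; either one alone would have been enough to stop these particular inputs, but applying both is what keeps a missed edge case in the validator from becoming a root shell.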
Impact
- Data Manipulation
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-20536
- CVE-2024-20418
Affected Vendors
- Cisco
Affected Products
- Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul
- Cisco Aironet Access Point Software (IOS XE Controller) - N/A
- Cisco Data Center Network Manager 12.1.3
- Cisco Data Center Network Manager 12.1.2
Remediation
Refer to the Cisco Security Advisories for patch, upgrade, or suggested workaround information.