CVE-2024-20282

Name of the Vulnerable Software and Affected Versions Cisco Nexus Dashboard (affected versions not specified)

Description The issue is related to insufficient access control protections, which could allow an authenticated, local attacker with valid credentials to elevate privileges to root on an affected device. This is due to inadequate protections for a sensitive access token, which an attacker could exploit to access resources within the device infrastructure, potentially gaining root access to the filesystem or hosted containers.

Recommendations For all affected versions, consider restricting access to sensitive resources and tokens until a patch is available. As a temporary workaround, limit the use of rescue-user credentials to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.