CVE-2024-20413

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description The issue is related to insufficient security restrictions when executing application arguments from the Bash shell, allowing an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. An attacker could exploit this by executing crafted commands on the underlying operating system, potentially creating new users with network-admin privileges.

Recommendations For Cisco NX-OS Software, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability. At the moment, there is no information about specific versions that contain a fix for this vulnerability.