PT-2024-6117 · Cisco · Cisco Nx-Os
Published 2024-08-28 · Updated 2024-08-29 · CVE-2024-20411
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco NX-OS Software (affected versions not specified)
Description
The issue is related to insufficient security restrictions on commands executed from the Bash shell. An authenticated, local attacker who has privileges to access the Bash shell could exploit it by executing a specific crafted command on the underlying operating system, potentially allowing the execution of arbitrary code with root privileges on an affected device.
Recommendations
For Cisco NX-OS Software, consider applying the software updates released by Cisco that address this issue.
As a temporary workaround, restrict access to the Bash shell to minimize the risk of exploitation.
Avoid using the Bash shell for executing commands that could potentially exploit this issue until the software updates are applied.
At the moment, there is no information about specific versions that contain a fix for this vulnerability, but software updates have been released by Cisco.
Affected Products
Cisco Nx-Os
Cisco Nexus