PT-2024-7097 · Cisco · Cisco Routed Pon Controller+1

James Spadaro · Published 2024-09-11 · Updated 2024-10-03 · CVE-2024-20483

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Routed PON Controller Software (affected versions not specified)

Description

The issue exists due to insufficient validation of arguments passed to specific configuration commands, allowing an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-08364
CVE-2024-20483

Affected Products

Cisco IOS XR
Cisco Routed PON Controller