PT-2024-8633 · Cisco · Cisco Nexus Dashboard Fabric Controller
Published
2024-10-02
·
Updated
2024-10-08
·
CVE-2024-20449
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Nexus Dashboard Fabric Controller (NDFC) (affected versions not specified)
Description
The issue is related to improper path validation in the Cisco Nexus Dashboard Fabric Controller (NDFC), which could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This can be achieved by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques, potentially allowing the attacker to execute arbitrary code in a specific container with the privileges of root.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Relative Path Traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Nexus Dashboard Fabric Controller