COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-20399

CVE-2024-20399

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-07-02
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-20399
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.

Players implicated

Cisco Systems Inc. · vendorNX-OS · product

Description

Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.

Affected FedRAMP products 8 in the catalog

ProductProviderStatusMatch
Cisco Cloudlock for Government Cisco Systems Inc. Authorized vendor-exact · 0.90
Cisco Meraki for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco SD-WAN for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco Umbrella for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco Unified Communications Manager Cloud for Government (Cisco UCM Cloud for Government) Cisco Systems Inc. Authorized vendor-exact · 0.90
Duo Federal Duo Security (A Cisco Company) Authorized dex-judge · 0.95
WebEx Contact Center Enterprise for Government (WxCCE-G) Cisco Systems Inc. In Process vendor-exact · 0.90
Webex for Government Cisco Systems Inc. Authorized vendor-exact · 0.90