CVE-2024-20444 (CNNVD-202410-158)
MEDIUM
中文标题:
Cisco Nexus Dashboard 安全漏洞
英文标题:
Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability
CVSS分数:
5.5
发布时间:
2024-10-02 16:54:09
漏洞类型:
其他
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
Cisco Nexus Dashboard是美国思科(Cisco)公司的一个单一控制台。能够简化数据中心网络的运营和管理。 Cisco Nexus Dashboard存在安全漏洞,该漏洞源于命令参数验证不足。可能允许具有网络管理员权限的经过身份验证的远程攻击者对受影响的设备执行命令注入攻击。
英文描述:
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.
CWE类型:
CWE-88
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Data Center Network Manager | 11.2(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:11.2(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 7.0(2) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:7.0(2):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 10.3(2)IPFM | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:10.3(2)ipfm:*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 10.1(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:10.1(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 7.2(3) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:7.2(3):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 7.2(2) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:7.2(2):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 7.2(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:7.2(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 11.0(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:11.0(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 10.4(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:10.4(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 10.2(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:10.2(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 7.2(2a) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:7.2(2a):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 10.1(2) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:10.1(2):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 7.1(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:7.1(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.1(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.1(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 11.1(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:11.1(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 10.3(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:10.3(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 10.3(1)R(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:10.3(1)r(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 7.0(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:7.0(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 10.0(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:10.0(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 7.1(2) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:7.1(2):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 11.4(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:11.4(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 10.4(2) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:10.4(2):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 11.3(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:11.3(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 11.5(1) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:11.5(1):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 11.5(2) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:11.5(2):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 11.5(3) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:11.5(3):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.0.1a | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.0.1a:*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 11.5(3a) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:11.5(3a):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.0.2d | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.0.2d:*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.0.2f | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.0.2f:*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 11.5(4) | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:11.5(4):*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.1.1 | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.1.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.1.1e | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.1.1e:*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.1.1p | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.1.1p:*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.1.2e | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.1.2e:*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.1.2p | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.1.2p:*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.1.3b | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.1.3b:*:*:*:*:*:*:*
|
| Cisco | Cisco Data Center Network Manager | 12.2.1 | - | - |
cpe:2.3:a:cisco:cisco_data_center_network_manager:12.2.1:*:*:*:*:*:*:*
|
| cisco | nexus_dashboard_fabric_controller | * | - | - |
cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
cisco-sa-ndfc-raci-T46k3jnN
OTHER
cve.org
访问
cve.org
CVSS评分详情
3.1 (cna)
MEDIUM
5.5
CVSS向量:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
机密性
NONE
完整性
HIGH
可用性
LOW
时间信息
发布时间:
2024-10-02 16:54:09
修改时间:
2024-10-02 19:45:29
创建时间:
2025-11-11 15:39:03
更新时间:
2025-11-11 15:59:10
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2024-20444 |
2025-11-11 15:22:24 | 2025-11-11 07:39:03 |
| NVD | nvd_CVE-2024-20444 |
2025-11-11 15:00:06 | 2025-11-11 07:47:05 |
| CNNVD | cnnvd_CNNVD-202410-158 |
2025-11-11 15:11:48 | 2025-11-11 07:59:10 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:59:10
vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-202410-158; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202410-158
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:47:05
affected_products_count: 38 → 39; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- affected_products_count: 38 -> 39
- data_sources: ['cve'] -> ['cve', 'nvd']