Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems


A critical vulnerability (CVE-2024-20432) with a CVSS score of 9.9 has been found in Cisco's Nexus Dashboard Fabric Controller (NDFC). The flaw allows authenticated, low-privileged remote attackers to perform command injection attacks via the NDFC's REST API and web UI, potentially granting them command-line interface access with network-admin privileges. The vulnerability does not affect NDFC when it is used as a storage area network controller, but other configurations are at risk. Cisco has released software updates that fix the issue and recommends that users upgrade immediately, as there are no workarounds. Detailed information about affected software and the necessary updates is available in Cisco's advisory.
