Plattform
cisco
Komponente
cisco-nexus-dashboard
Behoben in
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
2.0.1
2.0.1
2.0.1
2.0.1
2.1.1
2.1.1
2.1.1
2.1.1
2.2.1
2.2.1
2.2.1
2.3.1
2.3.1
2.3.1
2.3.1
2.3.1
3.0.1
3.0.1
CVE-2024-20282 describes a privilege escalation vulnerability in Cisco Nexus Dashboard. An attacker with valid rescue-user credentials can exploit this flaw to gain root access on an affected device, potentially compromising the entire system. This vulnerability impacts versions 1.1(0c) through 3.0(1i) of Cisco Nexus Dashboard, and a fix is available in version 3.0.1.
Successful exploitation of CVE-2024-20282 allows an attacker to elevate their privileges to root on the Cisco Nexus Dashboard device. This grants them complete control over the system, including access to the filesystem and hosted containers. An attacker could then install malware, steal sensitive data, modify system configurations, or disrupt network services. The impact is significant due to the potential for complete system compromise and the ability to move laterally within the network if the device is connected to other systems. This vulnerability shares similarities with other privilege escalation flaws where improper access token handling leads to unauthorized privilege gains.
CVE-2024-20282 was publicly disclosed on April 3, 2024. Its CVSS score of 6 (Medium) indicates a moderate probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature suggests that a PoC could be developed relatively easily. It is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Organizations heavily reliant on Cisco Nexus Dashboard for network management are at risk, particularly those using older versions (1.1(0c)–3.0(1i)). Environments with weak password policies or shared accounts for the rescue-user role are especially vulnerable. Those with legacy configurations or limited patching cycles should prioritize remediation.
• cisco: Examine system logs for unusual activity originating from the rescue-user account. Use Cisco's command-line interface to verify the Nexus Dashboard version is 3.0.1 or higher.
show version• linux / server: Monitor /var/log/auth.log or equivalent authentication logs for failed or successful login attempts using the rescue-user account.
journalctl -u nexus-dashboard | grep rescue-user• generic web: Check for unusual processes running with root privileges on the Nexus Dashboard device. Use ps aux | grep root to identify any unexpected processes.
disclosure
Exploit-Status
EPSS
0.05% (16% Perzentil)
CVSS-Vektor
The primary mitigation for CVE-2024-20282 is to upgrade Cisco Nexus Dashboard to version 3.0.1 or later. If an immediate upgrade is not feasible, consider restricting access to the rescue-user account and implementing strong password policies. Review and audit user accounts and permissions within the Nexus Dashboard environment. Monitor system logs for suspicious activity related to access token usage. While a WAF is unlikely to directly mitigate this vulnerability, it can help detect and block malicious attempts to exploit it. After upgrading, verify the fix by attempting to authenticate with the rescue-user account and confirming that privilege escalation is prevented.
Actualice Cisco Nexus Dashboard a una versión que no esté afectada por esta vulnerabilidad. Consulte el advisory de Cisco para obtener detalles sobre las versiones corregidas y las instrucciones de actualización específicas.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-20282 is a medium severity vulnerability allowing an authenticated local attacker with rescue-user credentials to gain root access on Cisco Nexus Dashboard versions 1.1(0c)–3.0(1i).
You are affected if you are running Cisco Nexus Dashboard versions 1.1(0c) through 3.0(1i) and have not upgraded to version 3.0.1 or later.
Upgrade Cisco Nexus Dashboard to version 3.0.1 or later. Restrict access to the rescue-user account and implement multi-factor authentication as an interim measure.
While no active exploitation has been publicly confirmed, the vulnerability's nature suggests potential for exploitation and PoC development.
Refer to the Cisco Security Advisory for CVE-2024-20282: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-dashboard-privilege-escalation
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.