Platform
cisco
Component
cisco-nexus-dashboard
Fixed in
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
2.0.1
2.0.1
2.0.1
2.0.1
2.1.1
2.1.1
2.1.1
2.1.1
2.2.1
2.2.1
2.2.1
2.3.1
2.3.1
2.3.1
2.3.1
2.3.1
3.0.1
3.0.1
CVE-2024-20282 describes a privilege escalation vulnerability in Cisco Nexus Dashboard. An attacker with valid rescue-user credentials can exploit this flaw to gain root access on an affected device, potentially compromising the entire system. This vulnerability impacts versions 1.1(0c) through 3.0(1i) of Cisco Nexus Dashboard, and a fix is available in version 3.0.1.
Successful exploitation of CVE-2024-20282 allows an authenticated, local attacker to escalate their privileges to root on the affected Cisco Nexus Dashboard device. This grants the attacker complete control over the system, including access to the filesystem and hosted containers. The attacker could then install malicious software, steal sensitive data, or disrupt network operations. The impact is significant as root access provides unrestricted access to the device's resources and configuration, potentially leading to a complete compromise of the network segment it serves. This vulnerability highlights the importance of strong authentication and access control mechanisms within network management systems.
CVE-2024-20282 was publicly disclosed on April 3, 2024. The vulnerability is not currently listed on CISA KEV as of this writing. Public proof-of-concept (PoC) code is not widely available, but the relatively straightforward nature of privilege escalation vulnerabilities suggests that PoCs may emerge. The vulnerability's reliance on local access and valid credentials limits its immediate exploitability in widespread, automated campaigns.
Exploit Status
EPSS
0.05% (16% percentile)
CVSS Vector
The primary mitigation for CVE-2024-20282 is to upgrade Cisco Nexus Dashboard to version 3.0.1 or later. If an immediate upgrade is not possible, consider restricting access to the rescue-user account and implementing multi-factor authentication. Review and audit existing rescue-user accounts to ensure only authorized personnel have access. Monitor system logs for suspicious activity related to the rescue-user account. While a WAF is unlikely to directly mitigate this vulnerability, network segmentation can limit the blast radius if the device is compromised. After upgrading, verify the fix by attempting to escalate privileges from a rescue-user account; the escalation should be prevented.
Actualice Cisco Nexus Dashboard a una versión que no esté afectada por esta vulnerabilidad. Consulte el advisory de Cisco para obtener detalles sobre las versiones corregidas y las instrucciones de actualización específicas.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-20282 is a medium severity vulnerability allowing an authenticated local attacker with rescue-user credentials to gain root access on Cisco Nexus Dashboard versions 1.1(0c)–3.0(1i).
You are affected if you are running Cisco Nexus Dashboard versions 1.1(0c) through 3.0(1i) and have not upgraded to version 3.0.1 or later.
Upgrade Cisco Nexus Dashboard to version 3.0.1 or later. Restrict access to the rescue-user account and implement multi-factor authentication as an interim measure.
While no active exploitation has been publicly confirmed, the vulnerability's nature suggests potential for exploitation and PoC development.
Refer to the Cisco Security Advisory for CVE-2024-20282: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-dashboard-privilege-escalation
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.