प्लेटफ़ॉर्म
cisco
घटक
cisco-nexus-dashboard
में ठीक किया गया
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
1.1.1
2.0.1
2.0.1
2.0.1
2.0.1
2.1.1
2.1.1
2.1.1
2.1.1
2.2.1
2.2.1
2.2.1
2.3.1
2.3.1
2.3.1
2.3.1
2.3.1
3.0.1
3.0.1
CVE-2024-20282 describes a privilege escalation vulnerability in Cisco Nexus Dashboard. An attacker with valid rescue-user credentials can exploit this flaw to gain root access on an affected device, potentially compromising the entire system. This vulnerability impacts versions 1.1(0c) through 3.0(1i) of Cisco Nexus Dashboard, and a fix is available in version 3.0.1.
Successful exploitation of CVE-2024-20282 allows an authenticated, local attacker to escalate their privileges to root on the affected Cisco Nexus Dashboard device. This grants the attacker complete control over the system, including access to the filesystem and hosted containers. The attacker could then install malicious software, steal sensitive data, or disrupt network operations. The impact is significant as root access provides unrestricted access to the device's resources and configuration, potentially leading to a complete compromise of the network segment it serves. This vulnerability highlights the importance of strong authentication and access control mechanisms within network management systems.
CVE-2024-20282 was publicly disclosed on April 3, 2024. The vulnerability is not currently listed on CISA KEV as of this writing. Public proof-of-concept (PoC) code is not widely available, but the relatively straightforward nature of privilege escalation vulnerabilities suggests that PoCs may emerge. The vulnerability's reliance on local access and valid credentials limits its immediate exploitability in widespread, automated campaigns.
Organizations heavily reliant on Cisco Nexus Dashboard for network management are at risk, particularly those using older versions (1.1(0c)–3.0(1i)). Environments with weak password policies or shared accounts for the rescue-user role are especially vulnerable. Those with legacy configurations or limited patching cycles should prioritize remediation.
• cisco: Examine system logs for unusual activity originating from the rescue-user account. Use Cisco's command-line interface to verify the Nexus Dashboard version is 3.0.1 or higher.
show version• linux / server: Monitor /var/log/auth.log or equivalent authentication logs for failed or successful login attempts using the rescue-user account.
journalctl -u nexus-dashboard | grep rescue-user• generic web: Check for unusual processes running with root privileges on the Nexus Dashboard device. Use ps aux | grep root to identify any unexpected processes.
disclosure
एक्सप्लॉइट स्थिति
EPSS
0.05% (16% शतमक)
CVSS वेक्टर
The primary mitigation for CVE-2024-20282 is to upgrade Cisco Nexus Dashboard to version 3.0.1 or later. If an immediate upgrade is not possible, consider restricting access to the rescue-user account and implementing multi-factor authentication. Review and audit existing rescue-user accounts to ensure only authorized personnel have access. Monitor system logs for suspicious activity related to the rescue-user account. While a WAF is unlikely to directly mitigate this vulnerability, network segmentation can limit the blast radius if the device is compromised. After upgrading, verify the fix by attempting to escalate privileges from a rescue-user account; the escalation should be prevented.
Actualice Cisco Nexus Dashboard a una versión que no esté afectada por esta vulnerabilidad. Consulte el advisory de Cisco para obtener detalles sobre las versiones corregidas y las instrucciones de actualización específicas.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2024-20282 is a medium severity vulnerability allowing an authenticated local attacker with rescue-user credentials to gain root access on Cisco Nexus Dashboard versions 1.1(0c)–3.0(1i).
You are affected if you are running Cisco Nexus Dashboard versions 1.1(0c) through 3.0(1i) and have not upgraded to version 3.0.1 or later.
Upgrade Cisco Nexus Dashboard to version 3.0.1 or later. Restrict access to the rescue-user account and implement multi-factor authentication as an interim measure.
While no active exploitation has been publicly confirmed, the vulnerability's nature suggests potential for exploitation and PoC development.
Refer to the Cisco Security Advisory for CVE-2024-20282: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-dashboard-privilege-escalation
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।