CVE-2024-20277

HIGH Year: 2024
CVSS v3 Score
8.0
High
Weakness Type
CWE-78
View all →

Vulnerability Description

A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands and elevate privileges to root.

Related Vulnerabilities

CVE-2015-5018

HIGH
CVSS:8.0(High)

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands...

CWE-782015

CVE-2017-2183

HIGH
CVSS:8.0(High)

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.

CWE-782017

CVE-2018-16216

HIGH
CVSS:8.0(High)

A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in th...

CWE-782018

CVE-2018-19977

HIGH
CVSS:8.0(High)

A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple...

CWE-782018

CVE-2018-21101

HIGH
CVSS:8.0(High)

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CWE-782018

CVE-2019-11539

HIGH
CVSS:8.0(High)

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX be...

CWE-782019