How severe is CVE-2024-20287?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2024-20287?

This is classified as CWE-88, which is a common weakness in software security.

CVE-2024-20287 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device.

Related Vulnerabilities

CVE-2020-14421

HIGH

CVSS:7.2(High)

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.

CWE-882020

CVE-2020-35136

HIGH

CVSS:7.2(High)

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for...

CWE-882020

CVE-2020-5792

HIGH

CVSS:7.2(High)

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of ...

CWE-882020

CVE-2021-34816

HIGH

CVSS:7.2(High)

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.

CWE-882021

CVE-2021-3540

HIGH

CVSS:7.2(High)

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

CWE-882021

CVE-2021-46850

HIGH

CVSS:7.2(High)

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via...

CWE-882021