CVE-2024-20289

CVSS v3 Score: 4.4 (Medium)

Vulnerability Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.

CVSS: 4.4 (Medium)

A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an auth...

CWE-78, 2017

CVSS: 4.5 (Medium)

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.

CWE-78, 2025

CVSS: 4.3 (Medium)

IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code by using a back and refresh attack. IBM X-Force ID: 229312.

CWE-78, 2022

CVSS: 4.2 (Medium)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system wi...

CWE-78, 2019

CVSS: 4.2 (Medium)

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

CWE-78, 2024

CVSS: 4.7 (Medium)

KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

CWE-78, 2016