CVE-2024-20306

CVSS v3 Score: 6.0 (Medium)

Vulnerability Description

A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system.

CVSS:5.9(Medium)

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a...

CVSS:6.1(Medium)

In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying...

CVSS:6.5(Medium)

Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.c...

CVSS:6.5(Medium)

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before...

CVSS:5.3(Medium)

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero. This issue allows an attacker connected to the...