How severe is CVE-2024-20356?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.7 out of 10.

What type of vulnerability is CVE-2024-20356?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2024-20356 - HIGH Severity | CVSS 8.7

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.

Related Vulnerabilities

CVE-2019-12735

HIGH

CVSS:8.6(High)

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_...

CWE-782019

CVE-2019-5736

HIGH

CVSS:8.6(High)

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to ex...

CWE-782019

CVE-2020-28494

HIGH

CVSS:8.6(High)

This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process...

CWE-782020

CVE-2021-39826

HIGH

CVSS:8.6(High)

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary comman...

CWE-782021

CVE-2023-47105

HIGH

CVSS:8.6(High)

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.

CWE-782023

CVE-2024-11858

HIGH

CVSS:8.6(High)

A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shel...

CWE-782024