How severe is CVE-2024-20449?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-20449?

This is classified as CWE-23, which is a common weakness in software security.

CVE-2024-20449 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root.

Related Vulnerabilities

CVE-2017-0918

HIGH

CVSS:8.8(High)

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.

CWE-232017

CVE-2017-13996

HIGH

CVSS:8.8(High)

A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not hav...

CWE-232017

CVE-2018-14795

HIGH

CVSS:8.8(High)

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.

CWE-232018

CVE-2019-11826

HIGH

CVSS:8.8(High)

Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.

CWE-232019

CVE-2019-3976

HIGH

CVSS:8.8(High)

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a m...

CWE-232019

CVE-2020-12026

HIGH

CVSS:8.8(High)

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’...

CWE-232020