How severe is CVE-2024-20478?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-20478?

This is classified as CWE-250, which is a common weakness in software security.

CVE-2024-20478

MEDIUM Year: 2024

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-250

View all →

Vulnerability Description

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root. Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.

CVE-2023-30617

MEDIUM

CVSS:6.5(Medium)

Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of th...

CWE-2502023

CVE-2023-42954

MEDIUM

CVSS:6.5(Medium)

A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue ha...

CWE-2502023

CVE-2024-7041

MEDIUM

CVSS:6.5(Medium)

An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`,...

CWE-2502024

CVE-2025-0921

MEDIUM

CVSS:6.5(Medium)

Execution with Unnecessary Privileges vulnerability in the Pager agent of multi-agent notification feature in Mitsubishi Electric Iconics Digital Solutions GENESIS64 prior to 10.97.3, Mitsubishi Elect...

CWE-2502025

CVE-2025-22890

MEDIUM

CVSS:6.5(Medium)

Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where...

CWE-2502025

CVE-2019-10143

MEDIUM

CVSS:6.4(Medium)

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges...

CWE-2502019

CVE-2024-20478

Vulnerability Description

Related Vulnerabilities

CVE-2023-30617

CVE-2023-42954

CVE-2024-7041

CVE-2025-0921

CVE-2025-22890

CVE-2019-10143