CVE-2024-20444

Summary

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device.   This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Data Center Network Manager11.2(1)affected
CiscoCisco Data Center Network Manager7.0(2)affected
CiscoCisco Data Center Network Manager10.3(2)IPFMaffected
CiscoCisco Data Center Network Manager10.1(1)affected
CiscoCisco Data Center Network Manager7.2(3)affected
CiscoCisco Data Center Network Manager7.2(2)affected
CiscoCisco Data Center Network Manager7.2(1)affected
CiscoCisco Data Center Network Manager11.0(1)affected
CiscoCisco Data Center Network Manager10.4(1)affected
CiscoCisco Data Center Network Manager10.2(1)affected
CiscoCisco Data Center Network Manager7.2(2a)affected
CiscoCisco Data Center Network Manager10.1(2)affected
CiscoCisco Data Center Network Manager7.1(1)affected
CiscoCisco Data Center Network Manager12.1(1)affected
CiscoCisco Data Center Network Manager11.1(1)affected
CiscoCisco Data Center Network Manager10.3(1)affected
CiscoCisco Data Center Network Manager10.3(1)R(1)affected
CiscoCisco Data Center Network Manager7.0(1)affected
CiscoCisco Data Center Network Manager10.0(1)affected
CiscoCisco Data Center Network Manager7.1(2)affected
CiscoCisco Data Center Network Manager11.4(1)affected
CiscoCisco Data Center Network Manager10.4(2)affected
CiscoCisco Data Center Network Manager11.3(1)affected
CiscoCisco Data Center Network Manager11.5(1)affected
CiscoCisco Data Center Network Manager11.5(2)affected
CiscoCisco Data Center Network Manager11.5(3)affected
CiscoCisco Data Center Network Manager12.0.1aaffected
CiscoCisco Data Center Network Manager11.5(3a)affected
CiscoCisco Data Center Network Manager12.0.2daffected
CiscoCisco Data Center Network Manager12.0.2faffected
CiscoCisco Data Center Network Manager11.5(4)affected
CiscoCisco Data Center Network Manager12.1.1affected
CiscoCisco Data Center Network Manager12.1.1eaffected
CiscoCisco Data Center Network Manager12.1.1paffected
CiscoCisco Data Center Network Manager12.1.2eaffected
CiscoCisco Data Center Network Manager12.1.2paffected
CiscoCisco Data Center Network Manager12.1.3baffected
CiscoCisco Data Center Network Manager12.2.1affected

Weaknesses

  • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References