CVE-2024-20278

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-184
View all →

Vulnerability Description

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.

Related Vulnerabilities

CVE-2021-31370

MEDIUM
CVSS:6.5(Medium)

An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker whi...

CWE-1842021

CVE-2023-40037

MEDIUM
CVSS:6.5(Medium)

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against craf...

CWE-1842023

CVE-2025-1484

MEDIUM
CVSS:6.5(Medium)

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An att...

CWE-1842025

CVE-2023-45593

MEDIUM
CVSS:6.8(Medium)

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacke...

CWE-1842023

CVE-2022-38179

MEDIUM
CVSS:6.1(Medium)

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack

CWE-1842022

CVE-2023-23844

HIGH
CVSS:7.2(High)

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands wi...

CWE-1842023