CVE-2024-20411

MEDIUM Year: 2024
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-267
View all →

Vulnerability Description

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root.

Related Vulnerabilities

CVE-2020-7824

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handl...

CWE-2672020

CVE-2022-38124

MEDIUM
CVSS:6.5(Medium)

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.

CWE-2672022

CVE-2023-27895

MEDIUM
CVSS:6.5(Medium)

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views...

CWE-2672023

CVE-2023-2983

MEDIUM
CVSS:6.5(Medium)

Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.

CWE-2672023

CVE-2021-40354

HIGH
CVSS:7.1(High)

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All vers...

CWE-2672021

CVE-2021-44476

HIGH
CVSS:7.1(High)

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration file...

CWE-2672021