How severe is CVE-2024-20444?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-20444?

This is classified as CWE-88, which is a common weakness in software security.

CVE-2024-20444 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device.   This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.

Related Vulnerabilities

CVE-2019-5804

MEDIUM

CVSS:5.5(Medium)

Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

CWE-882019

CVE-2022-31246

MEDIUM

CVSS:5.5(Medium)

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Li...

CWE-882022

CVE-2023-39287

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to con...

CWE-882023

CVE-2023-39288

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to con...

CWE-882023

CVE-2024-3367

MEDIUM

CVSS:5.5(Medium)

Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc

CWE-882024

CVE-2022-44731

MEDIUM

CVSS:5.4(Medium)

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMAT...

CWE-882022