WARNING: CRITICAL VULNERABILITY IN CISCO NEXUS DASHBOARD FABRIC CONTROLLER ENABLES ARBITRARY COMMAND EXECUTION, PATCH IMMEDIATELY!

Published: 03/10/2024

Reference:
Advisory #2024-236

Version:
1.0

Affected software:
Cisco NDFC Release 12.0 (before 12.2.2)

Type:
Arbitrary Command Execution

CVE/CVSS:
CVE-2024-20432
CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Risks

The vulnerability in Cisco NDFC's REST API and web UI poses a serious risk, as it could allow an authenticated, low-privileged remote attacker to execute arbitrary commands through a command injection attack. This vulnerability has a high impact on the system’s confidentiality, integrity, and availability, potentially leading to unauthorized control of affected systems.

Description

The vulnerability is due to improper user authorization and insufficient validation of command arguments in Cisco NDFC’s REST API and web UI, which together allow a command injection flaw.

Attackers could execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
