### [CVE-2024-20289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20289)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20NX-OS%20Software&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20NX-OS%20System%20Software%20in%20ACI%20Mode&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=10.1(1)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.1(2)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.1(2t)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2(1)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2(1q)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2(2)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2(2a)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2(3)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2(3t)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2(3v)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2(4)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2(5)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2(6)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(1)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(2)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(3)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(3o)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(3p)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(3q)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(3r)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(3w)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(3x)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(4)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(4a)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(4g)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(99w)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3(99x)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.4(1)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.4(2)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=16.0(2h)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=16.0(2j)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=16.0(3d)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=16.0(3e)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=16.0(3g)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=16.0(4c)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=16.0(5h)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=16.0(5j)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(10)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(11)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(12)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(3)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(4)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(5)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(5w)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(6)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(7)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(7a)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(7k)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(8)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.3(9)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brightgreen)

### Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device.&nbsp;This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds