admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-204xx/CVE-2024-20478.json
cad-safe-bot 0c245865ae Auto-Update: 2025-01-26T03:00:19.791548+00:00
2025-01-26 03:03:52 +00:00

60 lines
3.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-20478",
"sourceIdentifier": "psirt@cisco.com",
"published": "2024-08-28T17:15:10.220",
"lastModified": "2024-08-29T13:25:27.537",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.\r\n\r\nThis vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.\r\nNote: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente de actualizaci\u00f3n de software de Cisco Application Policy Infrastructure Controller (APIC) y Cisco Cloud Network Controller, anteriormente Cisco Cloud APIC, podr\u00eda permitir que un atacante remoto autenticado con privilegios de nivel de administrador instale una imagen de software modificada, lo que lleva a la inyecci\u00f3n de c\u00f3digo arbitrario en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de firma insuficiente de las im\u00e1genes de software. Un atacante podr\u00eda aprovechar esta vulnerabilidad instalando una imagen de software modificada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en el sistema afectado y elevar sus privilegios a superusuario. Nota: Los administradores siempre deben validar el hash de cualquier imagen de actualizaci\u00f3n antes de cargarla en Cisco APIC y Cisco Cloud Network Controller."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU",
"source": "psirt@cisco.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink