CVE-2024-20483
Vulnerability from cvelistv5
Published
2024-09-11 16:38
Modified
2024-09-20 03:55
Severity ?
EPSS score ?
Summary
Cisco IOS XR PON Controller Command Injection Vulnerabilities
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco IOS XR Software |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xr", "vendor": "cisco", "versions": [ { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "24.2.1" }, { "status": "affected", "version": "24.1.2" }, { "status": "affected", "version": "24.2.11" }, { "status": "affected", "version": "24.3.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20483", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-20T03:55:21.862Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "24.1.1" }, { "status": "affected", "version": "24.2.1" }, { "status": "affected", "version": "24.1.2" }, { "status": "affected", "version": "24.2.11" }, { "status": "affected", "version": "24.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root.\r\n\r\nThese vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-11T16:38:57.862Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL" } ], "source": { "advisory": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL", "defects": [ "CSCwi81011" ], "discovery": "INTERNAL" }, "title": "Cisco IOS XR PON Controller Command Injection Vulnerabilities" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20483", "datePublished": "2024-09-11T16:38:57.862Z", "dateReserved": "2023-11-08T15:08:07.684Z", "dateUpdated": "2024-09-20T03:55:21.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-20483\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2024-09-11T17:15:13.213\",\"lastModified\":\"2024-10-03T01:44:17.827\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root.\\r\\n\\r\\nThese vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller.\"},{\"lang\":\"es\",\"value\":\"Varias vulnerabilidades en el software Cisco Routed PON Controller, que se ejecuta como un contenedor Docker en hardware compatible con el software Cisco IOS XR, podr\u00edan permitir que un atacante remoto autenticado con privilegios de nivel de administrador en el administrador de PON o acceso directo a la instancia MongoDB del administrador de PON realice ataques de inyecci\u00f3n de comandos en el contenedor del controlador de PON y ejecute comandos arbitrarios como superusuario. Estas vulnerabilidades se deben a una validaci\u00f3n insuficiente de los argumentos que se pasan a comandos de configuraci\u00f3n espec\u00edficos. Un atacante podr\u00eda aprovechar estas vulnerabilidades al incluir una entrada manipulada como argumento de un comando de configuraci\u00f3n afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios como superusuario en el controlador de PON.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCE8E968-111F-4F57-93D3-E509AB540B87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:24.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B342A550-8600-45CF-8B9A-530770C9A0F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:24.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11288A28-F0CF-4FEC-A0B7-3D93866F01FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:24.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FD120B9-0671-473C-8420-872E5BB9933F\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.