Skip to content
logo logoSelf Service
Sign In Sign Up
  • Home
  • Knowledgebase
Back

Cisco NX-OS CLI Vulnerability

Updated 08/19/2024 09:45:25 AM by hvuser
  • PDF
  • Print
  • Share
    • Facebook
  • Copy To Clipboard
  • Collapse All Expand All

Content

Priority: ● Medium

Status: In Progress- Undergoing Analysis

 

First Published: 3 July, 2024

Advisory Version: 1.0

References: CVE-2024-20399

 

Summary

A recently announced vulnerability in certain versions of the command line interface (CLI) of Cisco's NX-OS software could allow an attacker to run arbitrary commands as the root user. This vulnerability stems from insufficient validation of command line arguments passed to certain NX-OS CLI commands. Cisco has classified this vulnerability as "Medium"; an attacker must already have Administrator credentials in order to exploit this vulnerability. 

Fixed versions of Cisco NX-OS are currently available. Please refer to the official Security Advisory from Cisco for additional details, as well as information regarding fixed NX-OS versions.

 

Affected Products

[NOTE: Cisco NX-OS Software releases 9.3(5) and later running on the following Cisco platforms are not affected by this vulnerability, with the exception of the few specific platforms noted in the advisory.]

  • MDS 9000 Series Multilayer Switches
  • Nexus 3000 Series Switches
  • Nexus 5500 Platform Switches
  • Nexus 5600 Platform Switches
  • Nexus 6000 Series Switches
  • Nexus 7000 Series Switches
  • Nexus 9000 Series Switches in standalone NX-OS mode

 

Recommended Actions

We highly recommend customers review Cisco's Security Advisory to assess their exposure based on their device configurations and then implement the recommended fixed versions as needed. Fixed, Hitachi Vantara-qualified NX-OS versions are available for support-entitled customers.

 

If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.

The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.

 

Internal Only

Keywords: https://knowledge.hitachivantara.com/Security/Cisco_NX-OS_CLI_Vulnerability

Related Solutions

  • Hitachi Vantara Security Advisories - Index Page
  • Hitachi Vantara Ops Center Analyzer Viewpoint Open SSL Vulnerability (CVE-2023-5363)
  • OpenSSH Versions Prior to 9.3p2 are Susceptible to a Vulnerability Which When Successfully Exploited Could Lead to Disclosure of Sensitive Information, Addition or Modification of Data, or Denial of Service (DoS)
  • OpenSSL 3.0.x Vulnerabilities: CVE-2022-3602 & CVE-2022-3786
  • Specific PHP Versions Vulnerability May Allow Malicious User Execution
Solution ID
241403060185367
Last Modified Date
08/19/2024 09:45:25 AM
Attributes
Page Privacy and Permission Assignment
  • Page Privacy: Private
  • Page Level Permissions: Anonymous; Employee; Service Partner; Customer; IT; eServices
  • Article: cve
  • Pagetype: knowledgearticle
Taxonomy
  • Security Advisories > Advisories
Collections
  • Guest (Public)

Solution to Copy:

Copy to Clipboard

Failed to download PDF file.

Problem creating pdf file for the solution: 241403060185367
Close

Acknowledged.

Thank you for acknowledging that you have read and understood this solution.

Failure.

Unable to acknowlege. An error occurred.
Knowledge
  • Knowledgebase
Helpful Links
  • Community
  • Product Documentation
Upland RightAnswers | Self Service - 2024R2
© Fri Jun 20 11:14:32 EDT 2025 Upland Software, Inc. All Rights Reserved