Friday, May 2, 2025
HomeCiscoCisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

Published on

SIEM as a Service

Follow Us on Google News

A critical vulnerability has been discovered in Cisco’s Nexus Dashboard Fabric Controller (NDFC), potentially allowing hackers to execute arbitrary commands on affected systems.

This flaw, identified as CVE-2024-20432, was first published on October 2, 2024. Its CVSS score of 9.9 indicates its severe impact.

Vulnerability Details

The vulnerability resides in the Cisco NDFC’s REST API and web UI. It could enable an authenticated, low-privileged remote attacker to perform a command injection attack.

- Advertisement - Google News

This is due to improper user authorization and insufficient validation of command arguments.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

By exploiting this flaw, attackers can execute arbitrary commands on the command-line interface (CLI) of a Cisco NDFC-managed device with network-admin privileges. 

This vulnerability does not affect Cisco NDFC when configured for storage area network (SAN) controller deployment. However, other implementations remain at risk.

Cisco has confirmed that there are no workarounds for this vulnerability. The company has released software updates to address the issue and urges customers to upgrade their systems promptly.

Affected users can obtain these updates through their usual channels if they have a service contract with Cisco.

Affected and Unaffected Products

The vulnerability affects Cisco NDFC but does not impact Nexus Dashboard Insights or Nexus Dashboard Orchestrator (NDO).

Users are advised to review the advisory for detailed information on vulnerable software releases and to ensure they upgrade to a fixed version as soon as possible.

Cisco advises all users to regularly consult security advisories and ensure their systems are running supported software versions.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Registration

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...