{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T23:14:14.482","vulnerabilities":[{"cve":{"id":"CVE-2024-20444","sourceIdentifier":"psirt@cisco.com","published":"2024-10-02T17:15:16.390","lastModified":"2024-10-08T15:26:38.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device.\r\n \r\nThis vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition."},{"lang":"es","value":"Una vulnerabilidad en Cisco Nexus Dashboard Fabric Controller (NDFC), anteriormente Cisco Data Center Network Manager (DCNM), podría permitir que un atacante remoto autenticado con privilegios de administrador de red realice un ataque de inyección de comandos contra un dispositivo afectado. Esta vulnerabilidad se debe a una validación insuficiente de los argumentos de los comandos. Un atacante podría aprovechar esta vulnerabilidad enviando argumentos de comandos manipulados a un endpoint de API REST específico. Una explotación exitosa podría permitir al atacante sobrescribir archivos confidenciales o bloquear un contenedor específico, que se reiniciaría por sí solo, lo que provocaría una condición de denegación de servicio (DoS) de bajo impacto."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":4.2}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:*:*:*:*:*:*:*:*","versionEndExcluding":"12.2.2","matchCriteriaId":"9E78B4AC-793B-4405-896F-31398AF7CBD2"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-raci-T46k3jnN","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}}]}