| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Cisco NX-OS. This vulnerability affects unknown code of the component CLI. This manipulation causes os command injection. This vulnerability is tracked as CVE-2024-20399. The attack is restricted to local execution. No exploit exists. You should upgrade the affected component.
Details
A vulnerability was found in Cisco NX-OS. It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component CLI. The manipulation with an unknown input leads to a os command injection vulnerability. The CWE definition for the vulnerability is CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. The following Cisco devices already allow administrative users to access the underlying operating system through the bash-shell feature, so, for these devices, this vulnerability does not grant any additional privileges: Nexus 3000 Series Switches Nexus 7000 Series Switches that are running Cisco NX-OS Software releases 8.1(1) and later Nexus 9000 Series Switches in standalone NX-OS mode
The advisory is shared at sec.cloudapps.cisco.com. This vulnerability is known as CVE-2024-20399 since 11/08/2023. The exploitation appears to be easy. An attack has to be approached locally. Additional levels of successful authentication are required for exploitation. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 10/28/2025). MITRE ATT&CK project uses the attack technique T1202 for this issue.
It is declared as attacked. The CISA Known Exploited Vulnerabilities Catalog lists this issue since 07/02/2024 with a due date of 07/23/2024:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.Upgrading eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Zero-Day.cz (894). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
- 6.0(2)A6(1)
- 6.0(2)A6(1a)
- 6.0(2)A6(2)
- 6.0(2)A6(2a)
- 6.0(2)A6(3)
- 6.0(2)A6(3a)
- 6.0(2)A6(4)
- 6.0(2)A6(4a)
- 6.0(2)A6(5a)
- 6.0(2)A6(5b)
- 6.0(2)A6(6)
- 6.0(2)A6(7)
- 6.0(2)A6(8)
- 6.0(2)A8(1)
- 6.0(2)A8(2)
- 6.0(2)A8(3)
- 6.0(2)A8(4)
- 6.0(2)A8(4a)
- 6.0(2)A8(5)
- 6.0(2)A8(6)
- 6.0(2)A8(7)
- 6.0(2)A8(7a)
- 6.0(2)A8(7b)
- 6.0(2)A8(8)
- 6.0(2)A8(9)
- 6.0(2)A8(10)
- 6.0(2)A8(10a)
- 6.0(2)A8(11)
- 6.0(2)A8(11a)
- 6.0(2)A8(11b)
- 6.0(2)U6(1)
- 6.0(2)U6(1a)
- 6.0(2)U6(2)
- 6.0(2)U6(2a)
- 6.0(2)U6(3)
- 6.0(2)U6(3a)
- 6.0(2)U6(4)
- 6.0(2)U6(4a)
- 6.0(2)U6(5)
- 6.0(2)U6(5a)
- 6.0(2)U6(5b)
- 6.0(2)U6(5c)
- 6.0(2)U6(6)
- 6.0(2)U6(7)
- 6.0(2)U6(8)
- 6.0(2)U6(9)
- 6.0(2)U6(10)
- 6.2(1)
- 6.2(2)
- 6.2(2a)
- 6.2(5b)
- 6.2(6)
- 6.2(6a)
- 6.2(6b)
- 6.2(8)
- 6.2(8a)
- 6.2(8b)
- 6.2(9)
- 6.2(9a)
- 6.2(9b)
- 6.2(10)
- 6.2(11)
- 6.2(12)
- 6.2(13a)
- 6.2(13b)
- 6.2(14)
- 6.2(16)
- 6.2(17)
- 6.2(18)
- 6.2(20)
- 6.2(20a)
- 6.2(22)
- 6.2(24)
- 6.2(24a)
- 6.2(27)
- 6.2(29)
- 6.2(33)
- 7.0(3)F1(1)
- 7.0(3)F2(1)
- 7.0(3)F2(2)
- 7.0(3)F3(1)
- 7.0(3)F3(3)
- 7.0(3)F3(3a)
- 7.0(3)F3(3c)
- 7.0(3)F3(4)
- 7.0(3)F3(5)
- 7.0(3)I4(1)
- 7.0(3)I4(2)
- 7.0(3)I4(3)
- 7.0(3)I4(4)
- 7.0(3)I4(5)
- 7.0(3)I4(6)
- 7.0(3)I4(7)
- 7.0(3)I4(8)
- 7.0(3)I4(8a)
- 7.0(3)I4(8b)
- 7.0(3)I4(8z)
- 7.0(3)I4(9)
- 7.0(3)I5(1)
- 7.0(3)I5(2)
- 7.0(3)I6(1)
- 7.0(3)I6(2)
- 7.0(3)I7(1)
- 7.0(3)I7(2)
- 7.0(3)I7(3)
- 7.0(3)I7(4)
- 7.0(3)I7(5)
- 7.0(3)I7(5a)
- 7.0(3)I7(6)
- 7.0(3)I7(7)
- 7.0(3)I7(8)
- 7.0(3)I7(9)
- 7.0(3)I7(10)
- 7.1(0)N1(1)
- 7.1(0)N1(1a)
- 7.1(0)N1(1b)
- 7.1(1)N1(1)
- 7.1(2)N1(1)
- 7.1(3)N1(1)
- 7.1(3)N1(2)
- 7.1(4)N1(1)
- 7.1(5)N1(1)
- 7.1(5)N1(1b)
- 7.2(0)D1(1)
- 7.2(1)D1(1)
- 7.2(2)D1(1)
- 7.2(2)D1(2)
- 7.3(0)D1(1)
- 7.3(0)DX(1)
- 7.3(0)N1(1)
- 7.3(1)D1(1)
- 7.3(1)N1(1)
- 7.3(2)D1(1)
- 7.3(2)D1(2)
- 7.3(2)D1(3)
- 7.3(2)D1(3a)
- 7.3(2)N1(1)
- 7.3(3)D1(1)
- 7.3(3)N1(1)
- 7.3(4)D1(1)
- 7.3(4)N1(1)
- 7.3(5)D1(1)
- 7.3(5)N1(1)
- 7.3(6)D1(1)
- 7.3(6)N1(1)
- 7.3(7)D1(1)
- 7.3(7)N1(1)
- 7.3(7)N1(1a)
- 7.3(7)N1(1b)
- 7.3(8)D1(1)
- 7.3(8)N1(1)
- 7.3(9)D1(1)
- 7.3(9)N1(1)
- 7.3(10)N1(1)
- 7.3(11)N1(1)
- 7.3(12)N1(1)
- 7.3(13)N1(1)
- 7.3(14)N1(1)
- 8.0(1)
- 8.1(1)
- 8.1(1b)
- 8.1(2)
- 8.1(2a)
- 8.2(1)
- 8.2(2)
- 8.2(3)
- 8.2(4)
- 8.2(5)
- 8.2(6)
- 8.2(7)
- 8.2(7a)
- 8.2(8)
- 8.2(9)
- 8.2(10)
- 8.2(11)
- 8.3(1)
- 8.3(2)
- 8.4(1)
- 8.4(2)
- 8.4(2b)
- 8.4(2c)
- 8.4(2f)
- 8.4(3)
- 8.4(4)
- 8.4(4a)
- 8.4(5)
- 8.4(6)
- 8.4(6a)
- 8.4(7)
- 8.4(8)
- 8.4(9)
- 8.5(1)
- 9.2(1)
- 9.2(2)
- 9.2(2t)
- 9.2(2v)
- 9.2(3)
- 9.2(4)
- 9.3(1)
- 9.3(2)
- 9.3(2a)
- 9.3(3)
- 9.3(4)
- 9.3(5)
- 9.3(6)
- 9.3(7)
- 9.3(7a)
- 9.3(8)
- 9.3(9)
- 9.3(10)
- 9.3(11)
- 9.3(12)
- 9.3(13)
- 10.1(1)
- 10.2(1)
- 10.2(1q)
- 10.2(2)
- 10.2(3)
- 10.2(3t)
- 10.3(1)
- 10.3(3)
- 10.3(4a)
- 10.3(5)
- 10.3(99w)
- 10.3(99x)
- 10.4(1)
- 10.4(2)
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.4
VulDB Base Score: 6.7
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.7
NVD Vector: 🔍
CNA Base Score: 6.0
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Os command injectionCWE: CWE-78 / CWE-77 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Attacked
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Zero-Day.cz: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
11/08/2023 🔍07/01/2024 🔍
07/01/2024 🔍
10/28/2025 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-nxos-cmd-injection-xD9OhyOP
Status: Confirmed
CVE: CVE-2024-20399 (🔍)
GCVE (CVE): GCVE-0-2024-20399
GCVE (VulDB): GCVE-100-270097
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 07/01/2024 19:02Updated: 10/28/2025 19:02
Changes: 07/01/2024 19:02 (64), 07/01/2024 21:06 (6), 07/02/2024 19:00 (9), 07/10/2024 21:49 (12), 09/09/2024 22:30 (2), 10/28/2025 19:02 (1)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

No comments yet. Languages: en.
Please log in to comment.