CVE-2024-20306
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-20306
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
参数问题
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco IOS XE Software 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco IOS XE Software是美国思科(Cisco)公司的一个操作系统。用于企业有线和无线访问,汇聚,核心和WAN的单一操作系统,Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在安全漏洞,该漏洞源于统一威胁防御 (UTD) 配置 CLI 中存在漏洞,可能允许经过身份验证的本地攻击者以root 身份在底层主机操作系统上执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco IOS XE Software | 17.10.1 | - |
II. Public POCs for CVE-2024-20306
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-20306
请登录查看更多情报信息。
Same Patch Batch · Cisco · 2024-03-27 · 17 CVEs total
| CVE-2024-20308 | 8.6 HIGH | 多款Cisco产品安全漏洞 |
| CVE-2024-20271 | 8.6 HIGH | Cisco Access Point 安全漏洞 |
| CVE-2024-20314 | 8.6 HIGH | Cisco IOS XE Software 安全漏洞 |
| CVE-2024-20259 | 8.6 HIGH | Cisco IOS XE Software 安全漏洞 |
| CVE-2024-20311 | 8.6 HIGH | Cisco IOS 和 IOS XE Software 安全漏洞 |
| CVE-2024-20303 | 7.4 HIGH | Cisco IOS XE Software 安全漏洞 |
| CVE-2024-20312 | 7.4 HIGH | Cisco IOS 和 IOS XE Software 安全漏洞 |
| CVE-2024-20276 | 7.4 HIGH | Cisco Catalyst 安全漏洞 |
| CVE-2024-20307 | 6.8 MEDIUM | 多款Cisco产品安全漏洞 |
| CVE-2024-20278 | 6.5 MEDIUM | Cisco IOS XE Software 安全漏洞 |
| CVE-2024-20265 | 5.9 MEDIUM | Cisco Access Point 安全漏洞 |
| CVE-2024-20316 | 5.8 MEDIUM | Cisco IOS XE Software 安全漏洞 |
| CVE-2024-20309 | 5.6 MEDIUM | Cisco IOS XE Software 安全漏洞 |
| CVE-2024-20324 | 5.5 MEDIUM | Cisco IOS XE Software 安全漏洞 |
| CVE-2024-20354 | 4.7 MEDIUM | Cisco Aironet Access Point Software 安全漏洞 |
| CVE-2024-20333 | 4.3 MEDIUM | Cisco DNA Center 安全漏洞 |
IV. Related Vulnerabilities
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-233
- CVE-2018-25233
WebDrive 18.00.5057 Denial of Service via Secure WebDAV - CVE-2026-2370
Improper Handling of Parameters in GitLab - CVE-2023-20514
AMD Secure Processor 安全漏洞 - CVE-2025-55080
Improper Parameter Check in ThreadX Syscall Implementation - CVE-2025-55078
Incomplete validation of kernel object pointers in system ca
V. Comments for CVE-2024-20306
No comments yet