VDB

CVE-2024-20483

CVE-2024-20483 PUBLISHED CVSS 7.5 HIGH

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller.

EPSS 0.57% · 68.9th percentile

Risk Scores

CVSS 4.0
7.5
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.57%
68.9th percentile

Affected Products

VendorProductVersions
CiscoCisco IOS XR Software24.2.1, 24.3.1, 24.2.11
ciscoios_xr24.1.1, 24.2.11, 24.3.1
ciscoios_xr24.1.1, 24.1.2, 24.2.1

Exploit Intelligence

Timeline

  • Sep 11, 2024 CVE Published
  • Sep 12, 2024 EPSS Score
  • Sep 20, 2024 CVE Updated
  • Oct 2, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 22, 2024 EPSS Score
  • Nov 10, 2024 EPSS Score
  • Nov 30, 2024 EPSS Score
  • Dec 21, 2024 EPSS Score
  • Jan 10, 2025 EPSS Score
  • Jan 30, 2025 EPSS Score
  • Feb 18, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›