CVE-2024-20302

CWE-284 — Improper Access Control4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 68.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nexus Dashboard Orchestrator Cisco Cisco Nexus Dashboard Orchestrator

Timeline

PublishedApr 3

Description

A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant security. An attacker who is using a valid user account with write privileges and either a Site Manager or Tenant Manager role could exploit this vulnerability. A successful exploit could allow the attacker to modify or delete …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDcisco/nexus_dashboard_orchestrator< 4.2(3e)

▶CVEListV5cisco/cisco_nexus_dashboard_orchestratorN/A

🔴Vulnerability Details

CVEList

CVE-2024-20302: A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to mod↗2024-04-03

▶

GHSA

GHSA-5m8h-3c7v-787m: A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to mod↗2024-04-03

▶

📋Vendor Advisories

Cisco

Cisco Nexus Dashboard Orchestrator Unauthorized Policy Actions Vulnerability↗2024-04-03

▶