CVE-2024-20441Improper Authorization in Cisco Nexus Dashboard

CWE-285Improper AuthorizationCWE-693Protection Mechanism FailureCWE-862Missing Authorization4 documents4 sources
Severity
6.5MEDIUMNVD
CNA5.7
EPSS
0.3%
top 49.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Nexus DashboardCisco Nexus Dashboard Fabric ControllerCisco Data Center Network Manager
Timeline
PublishedOct 2

Description

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to download config only or full backup files and learn sensitive configu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDcisco/nexus_dashboard< 3.2\(1e\)
CVEListV5cisco/cisco_data_center_network_manager11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-9wvc-jrm9-5wxw: A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive informa2024-10-02
CVEList
Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability2024-10-02

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities2024-10-02
CVE-2024-20441 — Improper Authorization in Cisco | cvebase