CVE-2024-20442

CWE-862Missing AuthorizationCWE-285CWE-6934 documents4 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 44.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Nexus DashboardCisco Nexus Dashboard Fabric ControllerCisco Cisco Nexus Dashboard
Timeline
PublishedOct 2

Description

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portio

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

NVDcisco/nexus_dashboard< 3.2\(1e\)
CVEListV5cisco/cisco_nexus_dashboard28 versions+27

🔴Vulnerability Details

2
GHSA
GHSA-fqfx-6m93-92cg: A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Ad2024-10-02
CVEList
Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability2024-10-02

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities2024-10-02
CVE-2024-20442 (MEDIUM CVSS 5.4) | A vulnerability in the REST API end | cvebase.io