CVE-2024-20448

CWE-313 CWE-312 — Cleartext Storage of Sensitive Info4 documents4 sources

Severity

8.6HIGH

EPSS

0.1%

top 65.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nexus Dashboard Fabric Controller Cisco Cisco Data Center Network Manager

Timeline

PublishedOct 2

Description

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the a…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 1.8 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_data_center_network_manager38 versions+37

▶NVDcisco/nexus_dashboard_fabric_controller< 12.2.2

🔴Vulnerability Details

GHSA

GHSA-p9q6-8mq9-55p7: A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an atta↗2024-10-02

▶

CVEList

Cisco Nexus Dashboard Fabric Controller Credential Information Disclosure Vulnerability↗2024-10-02

▶

📋Vendor Advisories

Cisco

Cisco Nexus Dashboard Fabric Controller Configuration Backup Information Disclosure Vulnerability↗2024-10-02

▶