CVE-2024-20490: Sensitive Information Exposure in Cisco Nexus Dashboard Fabric Controller

Severity
NVD: 8.6 HIGH
CNA: 6.3
EPSS: 0.3% (top 43.26%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 2

Description

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 4.0

Affected Packages (5 packages)

NVD cisco/nexus_dashboard_fabric_controller 12.1.0 12.2.2.241
NVD cisco/nexus_dashboard_orchestrator 4.4.0 4.4.1.1012 +1
NVD cisco/nexus_dashboard_insights 6.5.0 6.5.1.32 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-22cv-mr79-8p5c: A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an at (2024-10-02)
CVEList: Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability (2024-10-02)

📋 Vendor Advisories (1)

Cisco: Cisco Nexus Dashboard Hosted Services Information Disclosure Vulnerabilities (2024-10-02)