CVE-2024-20491

CWE-200Information ExposureCWE-532Log File Information Exposure4 documents4 sources
Severity
8.6HIGH
EPSS
0.3%
top 43.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Nexus Dashboard Fabric ControllerCisco Nexus Dashboard InsightsCisco Nexus Dashboard Orchestrator+1 more
Timeline
PublishedOct 2

Description

A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin c

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 1.8 | Impact: 4.0

Affected Packages4 packages

NVDcisco/nexus_dashboard_fabric_controller12.1.012.2.2.241
NVDcisco/nexus_dashboard_insights6.5.06.5.1.32+1
CVEListV5cisco/cisco_nexus_dashboard_insights14 versions+13
NVDcisco/nexus_dashboard_orchestrator4.4.04.4.1.1012+1

🔴Vulnerability Details

2
GHSA
GHSA-xxc2-9vrh-pfjm: A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive i2024-10-02
CVEList
Cisco Nexus Dashboard Insights Information Disclosure Vulnerability2024-10-02

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard Hosted Services Information Disclosure Vulnerabilities2024-10-02
CVE-2024-20491 (HIGH CVSS 8.6) | A vulnerability in a logging functi | cvebase.io