Cisco Data Center Network Manager vulnerabilities

CVE-2025-20347 [MEDIUM] CWE-693 CVE-2025-20347: A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoi

CVE-2025-20163 [HIGH] CWE-322 CVE-2025-20163: A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could al A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH conne

CVE-2020-3538 [MEDIUM] CWE-20 CVE-2020-3538: A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Soft A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests t

CVE-2020-3539 [MEDIUM] CWE-285 CVE-2020-3539: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) co A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. An attacker could ex

CVE-2024-20536 [HIGH] CWE-89 CVE-2024-20536: A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard F A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could explo

CVE-2024-20490 [MEDIUM] CWE-200 CVE-2024-20490: A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Ne A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech suppor

CVE-2024-20448 [MEDIUM] CWE-313 CVE-2024-20448: A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could e

CVE-2024-20432 [CRITICAL] CWE-77 CVE-2024-20432: A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could a A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exp

CVE-2024-20449 [HIGH] CWE-23 CVE-2024-20449: A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remo A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an a

CVE-2024-20438 [MEDIUM] CWE-693 CVE-2024-20438: A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affecte

CVE-2024-20444 [MEDIUM] CWE-88 CVE-2024-20444: A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Networ A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker coul

CVE-2024-20477 [MEDIUM] CWE-862 CVE-2024-20477: A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-priv A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API reques

CVE-2024-20441 [MEDIUM] CWE-285 CVE-2024-20441: A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-priv A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requ

CVE-2024-20281 [HIGH] CWE-352 CVE-2024-20281: A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashb A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an aff

CVE-2024-20348 [HIGH] CWE-27 CVE-2024-20348: A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provision

CVE-2021-1272 [HIGH] CWE-918 CVE-2021-1272: A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker.

CVE-2021-1248 [HIGH] CWE-89 CVE-2021-1248: Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) c Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1133 [MEDIUM] CWE-184 CVE-2021-1133: Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1247 [HIGH] CWE-89 CVE-2021-1247: Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) c Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1277 [HIGH] CWE-295 CVE-2021-1277: Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoo Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For mo