Cisco Nexus Dashboard vulnerabilities

CVE-2026-20042 [MEDIUM] CWE-295 CVE-2026-20042: A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file

CVE-2026-20174 [MEDIUM] CWE-22 CVE-2026-20174: A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an auth A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually u

CVE-2026-20041 [MEDIUM] CWE-918 CVE-2026-20041: A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthent A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading a

CVE-2025-20344 [MEDIUM] CWE-22 CVE-2025-20344: A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenti A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability b

CVE-2025-20348 [MEDIUM] CWE-201 CVE-2025-20348: A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoi

CVE-2025-20163 [HIGH] CWE-322 CVE-2025-20163: A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could al A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH conne

CVE-2025-20150 [MEDIUM] CWE-209 CVE-2025-20150: A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerat A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attac

CVE-2024-20442 [MEDIUM] CWE-862 CVE-2024-20442: A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted

CVE-2024-20281 [HIGH] CWE-352 CVE-2024-20281: A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashb A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an aff

CVE-2024-20283 [MEDIUM] CWE-284 CVE-2024-20283: A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn clus A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow a

CVE-2024-20282 [MEDIUM] CWE-269 CVE-2024-20282: A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid res A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within t

CVE-2023-20014 [HIGH] CWE-399 CVE-2023-20014: A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenti A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device.

CVE-2023-20053 [MEDIUM] CWE-79 CVE-2023-20053: A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauth A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulner

CVE-2022-20909 [MEDIUM] CWE-367 CVE-2022-20909: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to el Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executi

CVE-2022-20906 [MEDIUM] CWE-367 CVE-2022-20906: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to el Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executi

CVE-2022-20913 [MEDIUM] CWE-23 CVE-2022-20913: A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbi A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a cra

CVE-2022-20908 [MEDIUM] CWE-367 CVE-2022-20908: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to el Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executi

CVE-2022-20907 [MEDIUM] CWE-367 CVE-2022-20907: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to el Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executi

CVE-2022-20858 [CRITICAL] CWE-306 CVE-2022-20858: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2022-20857 [CRITICAL] CWE-306 CVE-2022-20857: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory.