Vulnerabilities > Cisco > Nexus Dashboard Fabric Controller
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-20432 | Command Injection vulnerability in Cisco Nexus Dashboard Fabric Controller A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. | 8.8 |
| 2024-10-02 | CVE-2024-20438 | Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. | 5.4 |
| 2024-10-02 | CVE-2024-20441 | Unspecified vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. | 6.5 |
| 2024-10-02 | CVE-2024-20442 | Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. | 5.4 |
| 2024-10-02 | CVE-2024-20444 | Argument Injection or Modification vulnerability in Cisco Nexus Dashboard Fabric Controller A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. | 5.5 |
| 2024-10-02 | CVE-2024-20448 | Cleartext Storage of Sensitive Information vulnerability in Cisco Nexus Dashboard Fabric Controller A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. | 8.6 |
| 2024-10-02 | CVE-2024-20449 | Path Traversal vulnerability in Cisco Nexus Dashboard Fabric Controller A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. | 8.8 |
| 2024-10-02 | CVE-2024-20477 | Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. | 5.4 |
| 2024-10-02 | CVE-2024-20490 | Information Exposure Through Log Files vulnerability in Cisco products A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. | 8.6 |
| 2024-10-02 | CVE-2024-20491 | Information Exposure Through Log Files vulnerability in Cisco products A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. | 8.6 |