Vulnerabilities > Cisco > Nexus Dashboard Fabric Controller > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-20438 | Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. | 5.4 |
| 2024-10-02 | CVE-2024-20441 | Unspecified vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. | 6.5 |
| 2024-10-02 | CVE-2024-20442 | Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. | 5.4 |
| 2024-10-02 | CVE-2024-20444 | Argument Injection or Modification vulnerability in Cisco Nexus Dashboard Fabric Controller A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. | 5.5 |
| 2024-10-02 | CVE-2024-20477 | Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. | 5.4 |