Vulnerabilities > Cisco > Nexus Dashboard > 2.2.1h

DATE CVE VULNERABILITY TITLE RISK
2024-10-02 CVE-2024-20438 Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints.
network
low complexity
cisco CWE-862
5.4
2024-10-02 CVE-2024-20441 Unspecified vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint.
network
low complexity
cisco
6.5
2024-10-02 CVE-2024-20442 Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints.
network
low complexity
cisco CWE-862
5.4
2024-10-02 CVE-2024-20477 Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint.
network
low complexity
cisco CWE-862
5.4
2023-03-01 CVE-2023-20014 Resource Exhaustion vulnerability in Cisco Nexus Dashboard
A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests.
network
low complexity
cisco CWE-400
7.5
2023-03-01 CVE-2023-20053 Cross-site Scripting vulnerability in Cisco Nexus Dashboard
A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation.
network
low complexity
cisco CWE-79
6.1