216.73.217.64

CVE-2024-20438

· Published 02/10/2024 17:15 · Modified 08/10/2024 13:54

Labels: CVE-2024-20438 2024-10-02CVE-2024-20438CWE-693CWE-862[email protected]

Essential information

Published
02/10/2024 17:15
Modified
08/10/2024 13:54
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cisco / nexus dashboard cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*
cisco / nexus dashboard fabric controller cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:*:*:*:*:*:*:*:*

References