
    44 vulnerabilities found for Cisco Nexus Dashboard by Cisco

    CVE-2026-20174 (GCVE-0-2026-20174)

    Vulnerability from nvd – Published: 2026-04-01 16:29 – Updated: 2026-04-01 18:09
    Title
    Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
    Summary
    A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor | Product | Version
    Cisco | Cisco Nexus Dashboard | Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)
    Affected: 4.1(1g)
    Cisco | Cisco Nexus Dashboard Insights | Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.2.1
    Affected: 6.2.2
    Affected: 6.3.1
    Affected: 6.4.1

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T18:09:26.289152Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T18:09:37.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                },
                {
                  "status": "affected",
                  "version": "4.1(1g)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system.\r\n\r\nThis vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\nNote: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:29:22.721Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndi-afw-rJuRC5dZ",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndi-afw-rJuRC5dZ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndi-afw-rJuRC5dZ",
            "defects": [
              "CSCws40848"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20174",
        "datePublished": "2026-04-01T16:29:22.721Z",
        "dateReserved": "2025-10-08T11:59:15.392Z",
        "dateUpdated": "2026-04-01T18:09:37.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20042 (GCVE-0-2026-20042)

    Vulnerability from nvd – Published: 2026-04-01 16:27 – Updated: 2026-04-02 03:56
    Title
    Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability
    Summary
    A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor | Product | Version
    Cisco | Cisco Nexus Dashboard | Affected: 1.1(3e)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(0d)
    Affected: 1.1(2i)
    Affected: 2.0(1b)
    Affected: 1.1(2h)
    Affected: 1.1(0c)
    Affected: 1.1(3f)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)
    Affected: 4.1(1g)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T03:56:08.575Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                },
                {
                  "status": "affected",
                  "version": "4.1(1g)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information.\r\n\r\nThis vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Improper Certificate Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:27:49.948Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nd-cbid-5YqkOSHu",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nd-cbid-5YqkOSHu",
            "defects": [
              "CSCwq66302"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20042",
        "datePublished": "2026-04-01T16:27:49.948Z",
        "dateReserved": "2025-10-08T11:59:15.354Z",
        "dateUpdated": "2026-04-02T03:56:08.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20041 (GCVE-0-2026-20041)

    Vulnerability from nvd – Published: 2026-04-01 16:27 – Updated: 2026-04-01 18:13
    Title
    Cisco Nexus Dashboard Server Side Request Forgery Vulnerability
    Summary
    A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor | Product | Version
    Cisco | Cisco Nexus Dashboard | Affected: 1.1(3e)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(0d)
    Affected: 1.1(2i)
    Affected: 2.0(1b)
    Affected: 1.1(2h)
    Affected: 1.1(0c)
    Affected: 1.1(3f)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)
    Affected: 4.1(1g)
    Cisco | Cisco Nexus Dashboard Insights | Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.2.1
    Affected: 6.2.2
    Affected: 6.3.1
    Affected: 6.4.1

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20041",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T18:13:09.025281Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T18:13:15.076Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                },
                {
                  "status": "affected",
                  "version": "4.1(1g)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:27:49.961Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nd-ssrf-NAen4O7r",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ssrf-NAen4O7r"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nd-ssrf-NAen4O7r",
            "defects": [
              "CSCwq47518"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Server Side Request Forgery Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20041",
        "datePublished": "2026-04-01T16:27:49.961Z",
        "dateReserved": "2025-10-08T11:59:15.354Z",
        "dateUpdated": "2026-04-01T18:13:15.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20348 (GCVE-0-2025-20348)

    Vulnerability from nvd – Published: 2025-08-27 16:23 – Updated: 2025-08-27 17:38
    VLAI
    Title
    Cisco Nexus Dashboard Unauthorized REST API Vulnerability
    Summary
    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Exposure of Sensitive Information Through Sent Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(3e)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(0d)
    Affected: 1.1(2i)
    Affected: 2.0(1b)
    Affected: 1.1(2h)
    Affected: 1.1(0c)
    Affected: 1.1(3f)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20348",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-27T17:20:09.499761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T17:38:47.129Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device.\r\n\r\nThis vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "Exposure of Sensitive Information Through Sent Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T16:23:01.252Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nshs-urapi-gJuBVFpu",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nshs-urapi-gJuBVFpu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nshs-urapi-gJuBVFpu",
            "defects": [
              "CSCwo82143"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Unauthorized REST API Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20348",
        "datePublished": "2025-08-27T16:23:01.252Z",
        "dateReserved": "2024-10-10T19:15:13.256Z",
        "dateUpdated": "2025-08-27T17:38:47.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20344 (GCVE-0-2025-20344)

    Vulnerability from nvd – Published: 2025-08-27 16:22 – Updated: 2026-02-26 17:47
    VLAI
    Title
    Cisco Nexus Dashboard Path Traversal Vulnerability
    Summary
    A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(3e)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(0d)
    Affected: 1.1(2i)
    Affected: 2.0(1b)
    Affected: 1.1(2h)
    Affected: 1.1(0c)
    Affected: 1.1(3f)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20344",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-28T03:55:28.763792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:58.759Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T16:22:59.270Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nd-ptrs-XU2Fm2Wb",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ptrs-XU2Fm2Wb"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nd-ptrs-XU2Fm2Wb",
            "defects": [
              "CSCwp66421"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Path Traversal Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20344",
        "datePublished": "2025-08-27T16:22:59.270Z",
        "dateReserved": "2024-10-10T19:15:13.256Z",
        "dateUpdated": "2026-02-26T17:47:58.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20163 (GCVE-0-2025-20163)

    Vulnerability from nvd – Published: 2025-06-04 16:17 – Updated: 2026-02-26 18:27
    VLAI
    Title
    Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability
    Summary
    A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-322 - Key Exchange without Entity Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Data Center Network Manager Affected: 11.2(1)
    Affected: 7.0(2)
    Affected: 10.3(2)IPFM
    Affected: 10.1(1)
    Affected: 7.2(3)
    Affected: 7.2(2)
    Affected: 7.2(1)
    Affected: 11.0(1)
    Affected: 10.4(1)
    Affected: 10.2(1)
    Affected: 7.2(2a)
    Affected: 10.1(2)
    Affected: 7.1(1)
    Affected: 12.1(1)
    Affected: 11.1(1)
    Affected: 10.3(1)
    Affected: 10.3(1)R(1)
    Affected: 7.0(1)
    Affected: 10.0(1)
    Affected: 7.1(2)
    Affected: 11.4(1)
    Affected: 10.4(2)
    Affected: 11.3(1)
    Affected: 11.5(1)
    Affected: 11.5(2)
    Affected: 11.5(3)
    Affected: 12.0.1a
    Affected: 11.5(3a)
    Affected: 12.0.2d
    Affected: 12.0.2f
    Affected: 11.5(4)
    Affected: 12.1.1
    Affected: 12.1.1e
    Affected: 12.1.1p
    Affected: 12.1.2e
    Affected: 12.1.2p
    Affected: 12.1.3b
    Affected: 12.2.1
    Affected: 12.2.2
    Cisco Cisco Nexus Dashboard Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-05T03:55:24.665920Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:27:37.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Data Center Network Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2(1)"
                },
                {
                  "status": "affected",
                  "version": "7.0(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)IPFM"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)"
                },
                {
                  "status": "affected",
                  "version": "7.2(3)"
                },
                {
                  "status": "affected",
                  "version": "7.2(2)"
                },
                {
                  "status": "affected",
                  "version": "7.2(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "7.2(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.1(2)"
                },
                {
                  "status": "affected",
                  "version": "7.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.1(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)R(1)"
                },
                {
                  "status": "affected",
                  "version": "7.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "7.1(2)"
                },
                {
                  "status": "affected",
                  "version": "11.4(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(2)"
                },
                {
                  "status": "affected",
                  "version": "11.3(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(3)"
                },
                {
                  "status": "affected",
                  "version": "12.0.1a"
                },
                {
                  "status": "affected",
                  "version": "11.5(3a)"
                },
                {
                  "status": "affected",
                  "version": "12.0.2d"
                },
                {
                  "status": "affected",
                  "version": "12.0.2f"
                },
                {
                  "status": "affected",
                  "version": "11.5(4)"
                },
                {
                  "status": "affected",
                  "version": "12.1.1"
                },
                {
                  "status": "affected",
                  "version": "12.1.1e"
                },
                {
                  "status": "affected",
                  "version": "12.1.1p"
                },
                {
                  "status": "affected",
                  "version": "12.1.2e"
                },
                {
                  "status": "affected",
                  "version": "12.1.2p"
                },
                {
                  "status": "affected",
                  "version": "12.1.3b"
                },
                {
                  "status": "affected",
                  "version": "12.2.1"
                },
                {
                  "status": "affected",
                  "version": "12.2.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices.\r\n\r\nThis vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-322",
                  "description": "Key Exchange without Entity Authentication",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-04T16:17:44.257Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndfc-shkv-snQJtjrp",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndfc-shkv-snQJtjrp",
            "defects": [
              "CSCwm50501"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20163",
        "datePublished": "2025-06-04T16:17:44.257Z",
        "dateReserved": "2024-10-10T19:15:13.217Z",
        "dateUpdated": "2026-02-26T18:27:37.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20150 (GCVE-0-2025-20150)

    Vulnerability from nvd – Published: 2025-04-16 16:07 – Updated: 2025-04-16 18:06
    VLAI
    Title
    Cisco Nexus Dashboard Username Enumeration Vulnerability
    Summary
    A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(1b)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T18:06:13.498562Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T18:06:21.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts.\r\n\r\nThis vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-16T16:07:30.379Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nd-unenum-2xFFh472",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-unenum-2xFFh472"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nd-unenum-2xFFh472",
            "defects": [
              "CSCwk04469"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Username Enumeration Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20150",
        "datePublished": "2025-04-16T16:07:30.379Z",
        "dateReserved": "2024-10-10T19:15:13.216Z",
        "dateUpdated": "2025-04-16T18:06:21.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20442 (GCVE-0-2024-20442)

    Vulnerability from nvd – Published: 2024-10-02 16:53 – Updated: 2024-10-02 19:28
    VLAI
    Title
    Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability
    Summary
    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(3e)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(0d)
    Affected: 1.1(2i)
    Affected: 2.0(1b)
    Affected: 1.1(2h)
    Affected: 1.1(0c)
    Affected: 1.1(3f)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20442",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T19:28:42.874953Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:28:58.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device.\r\n\r\nThis vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:53:41.383Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndhs-uaapi-Jh4V6zpN",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndhs-uaapi-Jh4V6zpN",
            "defects": [
              "CSCwk04255"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20442",
        "datePublished": "2024-10-02T16:53:41.383Z",
        "dateReserved": "2023-11-08T15:08:07.676Z",
        "dateUpdated": "2024-10-02T19:28:58.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20283 (GCVE-0-2024-20283)

    Vulnerability from nvd – Published: 2024-04-03 16:25 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T18:22:09.601659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:07.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ndidv-LmXdvAf2",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device.\r\n\r This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:25:09.906Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndidv-LmXdvAf2",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndidv-LmXdvAf2",
            "defects": [
              "CSCwh02784"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20283",
        "datePublished": "2024-04-03T16:25:09.906Z",
        "dateReserved": "2023-11-08T15:08:07.626Z",
        "dateUpdated": "2024-08-01T21:59:41.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20282 (GCVE-0-2024-20282)

    Vulnerability from nvd – Published: 2024-04-03 16:20 – Updated: 2024-08-27 13:39
    Summary
    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Vendor: Cisco, Product: Cisco Nexus Dashboard, Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Vendor: cisco, Product: nexus_dashboard, Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
        cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ndru-pesc-kZ2PQLZH",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nexus_dashboard",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.1(0c)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(0d)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(2h)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(2i)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(3c)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(3d)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(3e)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(3f)"
                  },
                  {
                    "status": "affected",
                    "version": "2.0(1b)"
                  },
                  {
                    "status": "affected",
                    "version": "2.0(1d)"
                  },
                  {
                    "status": "affected",
                    "version": "2.0(2g)"
                  },
                  {
                    "status": "affected",
                    "version": "2.0(2h)"
                  },
                  {
                    "status": "affected",
                    "version": "2.1(1d)"
                  },
                  {
                    "status": "affected",
                    "version": "2.1(1e)"
                  },
                  {
                    "status": "affected",
                    "version": "2.1(2d)"
                  },
                  {
                    "status": "affected",
                    "version": "2.1(2f)"
                  },
                  {
                    "status": "affected",
                    "version": "2.2(1e)"
                  },
                  {
                    "status": "affected",
                    "version": "2.2(1h)"
                  },
                  {
                    "status": "affected",
                    "version": "2.2(2d)"
                  },
                  {
                    "status": "affected",
                    "version": "2.3(1c)"
                  },
                  {
                    "status": "affected",
                    "version": "2.3(2b)"
                  },
                  {
                    "status": "affected",
                    "version": "2.3(2c)"
                  },
                  {
                    "status": "affected",
                    "version": "2.3(2d)"
                  },
                  {
                    "status": "affected",
                    "version": "2.3(2e)"
                  },
                  {
                    "status": "affected",
                    "version": "3.0(1f)"
                  },
                  {
                    "status": "affected",
                    "version": "3.0(1i)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T19:07:42.320022Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T13:39:11.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.\r\n\r This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:20:33.850Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndru-pesc-kZ2PQLZH",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndru-pesc-kZ2PQLZH",
            "defects": [
              "CSCwh02726"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20282",
        "datePublished": "2024-04-03T16:20:33.850Z",
        "dateReserved": "2023-11-08T15:08:07.626Z",
        "dateUpdated": "2024-08-27T13:39:11.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20281 (GCVE-0-2024-20281)

    Vulnerability from nvd – Published: 2024-04-03 16:20 – Updated: 2024-08-01 21:59
    Summary
    A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Vendor: Cisco, Product: Cisco Data Center Network Manager, Affected: 12.1(1)
    Affected: 12.1.1e
    Affected: 12.1.2e
    Affected: 12.1.3b
    Affected: 12.0.1a
    Affected: 12.0.2d
    Affected: 12.0.2f
    Vendor: Cisco, Product: Cisco Nexus Dashboard, Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Vendor: Cisco, Product: Cisco Nexus Dashboard Orchestrator, Affected: N/A
    Vendor: Cisco, Product: Cisco Nexus Dashboard Insights, Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.3.1
    Affected: 6.2.1
    Affected: 6.2.2

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-05T19:36:14.483327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:22.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.178Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ndfccsrf-TEmZEfJ9",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Data Center Network Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1.1e"
                },
                {
                  "status": "affected",
                  "version": "12.1.2e"
                },
                {
                  "status": "affected",
                  "version": "12.1.3b"
                },
                {
                  "status": "affected",
                  "version": "12.0.1a"
                },
                {
                  "status": "affected",
                  "version": "12.0.2d"
                },
                {
                  "status": "affected",
                  "version": "12.0.2f"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard Orchestrator",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.\r\n\r Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:20:04.470Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndfccsrf-TEmZEfJ9",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndfccsrf-TEmZEfJ9",
            "defects": [
              "CSCwf16632",
              "CSCwh13498",
              "CSCwh00221",
              "CSCwh00212"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20281",
        "datePublished": "2024-04-03T16:20:04.470Z",
        "dateReserved": "2023-11-08T15:08:07.626Z",
        "dateUpdated": "2024-08-01T21:59:41.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20053 (GCVE-0-2023-20053)

    Vulnerability from nvd – Published: 2023-02-16 15:27 – Updated: 2024-11-21 21:40
    Summary
    A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Vendor: Cisco, Product: Cisco Nexus Dashboard, Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-nexus-dashboard-xss-xc5BcgsQ",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-dashboard-xss-xc5BcgsQ"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-30T15:28:44.401293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T21:40:56.633Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.\r\n\r This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:39.267Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nexus-dashboard-xss-xc5BcgsQ",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-dashboard-xss-xc5BcgsQ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nexus-dashboard-xss-xc5BcgsQ",
            "defects": [
              "CSCwd35178"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20053",
        "datePublished": "2023-02-16T15:27:54.894Z",
        "dateReserved": "2022-10-27T18:47:50.319Z",
        "dateUpdated": "2024-11-21T21:40:56.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20014 (GCVE-0-2023-20014)

    Vulnerability from nvd – Published: 2023-02-16 15:24 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition.
    CWE
    • CWE-399 - Resource Management Errors
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ndb-dnsdos-bYscZOsu",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-dnsdos-bYscZOsu"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\n\r This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-399",
                  "description": "Resource Management Errors",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:31.241Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndb-dnsdos-bYscZOsu",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-dnsdos-bYscZOsu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndb-dnsdos-bYscZOsu",
            "defects": [
              "CSCwb74816"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20014",
        "datePublished": "2023-02-16T15:24:43.493Z",
        "dateReserved": "2022-10-27T18:47:50.308Z",
        "dateUpdated": "2024-08-02T08:57:35.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20913 (GCVE-0-2022-20913)

    Vulnerability from nvd – Published: 2022-07-21 04:05 – Updated: 2024-11-01 18:56
    VLAI
    Title
    Cisco Nexus Dashboard Arbitrary File Write Vulnerability
    Summary
    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-afw-2MT9tb99 vendor-advisory, x_refsource_CISCO
    Impacted products
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:57.959Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220720 Cisco Nexus Dashboard Arbitrary File Write Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-afw-2MT9tb99"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20913",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:40:39.351565Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T18:56:12.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-21T04:05:40.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220720 Cisco Nexus Dashboard Arbitrary File Write Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-afw-2MT9tb99"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndb-afw-2MT9tb99",
            "defect": [
              [
                "CSCwb24514"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Arbitrary File Write Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-20T23:00:00",
              "ID": "CVE-2022-20913",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Nexus Dashboard Arbitrary File Write Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Nexus Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "4.9",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-23"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220720 Cisco Nexus Dashboard Arbitrary File Write Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-afw-2MT9tb99"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ndb-afw-2MT9tb99",
              "defect": [
                [
                  "CSCwb24514"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20913",
        "datePublished": "2022-07-21T04:05:40.172Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-01T18:56:12.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20909 (GCVE-0-2022-20909)

    Vulnerability from nvd – Published: 2022-07-21 04:01 – Updated: 2024-11-01 18:56
    VLAI
    Title
    Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5 vendor-advisory, x_refsource_CISCO
    Impacted products
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20909",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:42:25.559660Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T18:56:34.970Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-21T04:01:16.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndb-mprvesc-EMhDgXe5",
            "defect": [
              [
                "CSCwa75446",
                "CSCwa93561",
                "CSCwa93569",
                "CSCwa93570"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-20T23:00:00",
              "ID": "CVE-2022-20909",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Nexus Dashboard Privilege Escalation Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Nexus Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.0",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-367"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ndb-mprvesc-EMhDgXe5",
              "defect": [
                [
                  "CSCwa75446",
                  "CSCwa93561",
                  "CSCwa93569",
                  "CSCwa93570"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20909",
        "datePublished": "2022-07-21T04:01:16.848Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-01T18:56:34.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20908 (GCVE-0-2022-20908)

    Vulnerability from nvd – Published: 2022-07-21 03:50 – Updated: 2024-11-01 18:59
    Title
    Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5 vendor-advisory, x_refsource_CISCO
    Impacted products
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:57.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20908",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:42:31.142964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T18:59:28.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-21T03:50:17.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndb-mprvesc-EMhDgXe5",
            "defect": [
              [
                "CSCwa75446",
                "CSCwa93561",
                "CSCwa93569",
                "CSCwa93570"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-20T23:00:00",
              "ID": "CVE-2022-20908",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Nexus Dashboard Privilege Escalation Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Nexus Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.0",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-367"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ndb-mprvesc-EMhDgXe5",
              "defect": [
                [
                  "CSCwa75446",
                  "CSCwa93561",
                  "CSCwa93569",
                  "CSCwa93570"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20908",
        "datePublished": "2022-07-21T03:50:17.515Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-01T18:59:28.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20907 (GCVE-0-2022-20907)

    Vulnerability from nvd – Published: 2022-07-21 03:50 – Updated: 2024-11-01 18:59
    Title
    Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5 vendor-advisory, x_refsource_CISCO
    Impacted products
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:57.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:42:29.062854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T18:59:21.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-21T03:50:25.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndb-mprvesc-EMhDgXe5",
            "defect": [
              [
                "CSCwa75446",
                "CSCwa93561",
                "CSCwa93569",
                "CSCwa93570"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-20T23:00:00",
              "ID": "CVE-2022-20907",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Nexus Dashboard Privilege Escalation Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Nexus Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.0",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-367"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ndb-mprvesc-EMhDgXe5",
              "defect": [
                [
                  "CSCwa75446",
                  "CSCwa93561",
                  "CSCwa93569",
                  "CSCwa93570"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20907",
        "datePublished": "2022-07-21T03:50:25.468Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-01T18:59:21.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-20174 (GCVE-0-2026-20174)

    Vulnerability from cvelistv5 – Published: 2026-04-01 16:29 – Updated: 2026-04-01 18:09
    Title
    Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
    Summary
    A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)
    Affected: 4.1(1g)
    Cisco Cisco Nexus Dashboard Insights Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.2.1
    Affected: 6.2.2
    Affected: 6.3.1
    Affected: 6.4.1

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T18:09:26.289152Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T18:09:37.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                },
                {
                  "status": "affected",
                  "version": "4.1(1g)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system.\r\n\r\nThis vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\nNote: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:29:22.721Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndi-afw-rJuRC5dZ",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndi-afw-rJuRC5dZ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndi-afw-rJuRC5dZ",
            "defects": [
              "CSCws40848"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20174",
        "datePublished": "2026-04-01T16:29:22.721Z",
        "dateReserved": "2025-10-08T11:59:15.392Z",
        "dateUpdated": "2026-04-01T18:09:37.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20041 (GCVE-0-2026-20041)

    Vulnerability from cvelistv5 – Published: 2026-04-01 16:27 – Updated: 2026-04-01 18:13
    Title
    Cisco Nexus Dashboard Server Side Request Forgery Vulnerability
    Summary
    A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(3e)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(0d)
    Affected: 1.1(2i)
    Affected: 2.0(1b)
    Affected: 1.1(2h)
    Affected: 1.1(0c)
    Affected: 1.1(3f)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)
    Affected: 4.1(1g)
    Cisco Cisco Nexus Dashboard Insights Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.2.1
    Affected: 6.2.2
    Affected: 6.3.1
    Affected: 6.4.1

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20041",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T18:13:09.025281Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T18:13:15.076Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                },
                {
                  "status": "affected",
                  "version": "4.1(1g)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:27:49.961Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nd-ssrf-NAen4O7r",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ssrf-NAen4O7r"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nd-ssrf-NAen4O7r",
            "defects": [
              "CSCwq47518"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Server Side Request Forgery Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20041",
        "datePublished": "2026-04-01T16:27:49.961Z",
        "dateReserved": "2025-10-08T11:59:15.354Z",
        "dateUpdated": "2026-04-01T18:13:15.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20042 (GCVE-0-2026-20042)

    Vulnerability from cvelistv5 – Published: 2026-04-01 16:27 – Updated: 2026-04-02 03:56
    VLAI
    Title
    Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability
    Summary
    A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(3e)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(0d)
    Affected: 1.1(2i)
    Affected: 2.0(1b)
    Affected: 1.1(2h)
    Affected: 1.1(0c)
    Affected: 1.1(3f)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)
    Affected: 4.1(1g)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T03:56:08.575Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                },
                {
                  "status": "affected",
                  "version": "4.1(1g)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information.\r\n\r\nThis vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Improper Certificate Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:27:49.948Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nd-cbid-5YqkOSHu",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nd-cbid-5YqkOSHu",
            "defects": [
              "CSCwq66302"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20042",
        "datePublished": "2026-04-01T16:27:49.948Z",
        "dateReserved": "2025-10-08T11:59:15.354Z",
        "dateUpdated": "2026-04-02T03:56:08.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20348 (GCVE-0-2025-20348)

    Vulnerability from cvelistv5 – Published: 2025-08-27 16:23 – Updated: 2025-08-27 17:38
    VLAI
    Title
    Cisco Nexus Dashboard Unauthorized REST API Vulnerability
    Summary
    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Exposure of Sensitive Information Through Sent Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(3e)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(0d)
    Affected: 1.1(2i)
    Affected: 2.0(1b)
    Affected: 1.1(2h)
    Affected: 1.1(0c)
    Affected: 1.1(3f)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20348",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-27T17:20:09.499761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T17:38:47.129Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device.\r\n\r\nThis vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "Exposure of Sensitive Information Through Sent Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T16:23:01.252Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nshs-urapi-gJuBVFpu",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nshs-urapi-gJuBVFpu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nshs-urapi-gJuBVFpu",
            "defects": [
              "CSCwo82143"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Unauthorized REST API Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20348",
        "datePublished": "2025-08-27T16:23:01.252Z",
        "dateReserved": "2024-10-10T19:15:13.256Z",
        "dateUpdated": "2025-08-27T17:38:47.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20344 (GCVE-0-2025-20344)

    Vulnerability from cvelistv5 – Published: 2025-08-27 16:22 – Updated: 2026-02-26 17:47
    VLAI
    Title
    Cisco Nexus Dashboard Path Traversal Vulnerability
    Summary
    A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(3e)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(0d)
    Affected: 1.1(2i)
    Affected: 2.0(1b)
    Affected: 1.1(2h)
    Affected: 1.1(0c)
    Affected: 1.1(3f)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20344",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-28T03:55:28.763792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:58.759Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T16:22:59.270Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nd-ptrs-XU2Fm2Wb",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ptrs-XU2Fm2Wb"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nd-ptrs-XU2Fm2Wb",
            "defects": [
              "CSCwp66421"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Path Traversal Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20344",
        "datePublished": "2025-08-27T16:22:59.270Z",
        "dateReserved": "2024-10-10T19:15:13.256Z",
        "dateUpdated": "2026-02-26T17:47:58.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20163 (GCVE-0-2025-20163)

    Vulnerability from cvelistv5 – Published: 2025-06-04 16:17 – Updated: 2026-02-26 18:27
    VLAI
    Title
    Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability
    Summary
    A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-322 - Key Exchange without Entity Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Data Center Network Manager Affected: 11.2(1)
    Affected: 7.0(2)
    Affected: 10.3(2)IPFM
    Affected: 10.1(1)
    Affected: 7.2(3)
    Affected: 7.2(2)
    Affected: 7.2(1)
    Affected: 11.0(1)
    Affected: 10.4(1)
    Affected: 10.2(1)
    Affected: 7.2(2a)
    Affected: 10.1(2)
    Affected: 7.1(1)
    Affected: 12.1(1)
    Affected: 11.1(1)
    Affected: 10.3(1)
    Affected: 10.3(1)R(1)
    Affected: 7.0(1)
    Affected: 10.0(1)
    Affected: 7.1(2)
    Affected: 11.4(1)
    Affected: 10.4(2)
    Affected: 11.3(1)
    Affected: 11.5(1)
    Affected: 11.5(2)
    Affected: 11.5(3)
    Affected: 12.0.1a
    Affected: 11.5(3a)
    Affected: 12.0.2d
    Affected: 12.0.2f
    Affected: 11.5(4)
    Affected: 12.1.1
    Affected: 12.1.1e
    Affected: 12.1.1p
    Affected: 12.1.2e
    Affected: 12.1.2p
    Affected: 12.1.3b
    Affected: 12.2.1
    Affected: 12.2.2
    Cisco Cisco Nexus Dashboard Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-05T03:55:24.665920Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:27:37.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Data Center Network Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2(1)"
                },
                {
                  "status": "affected",
                  "version": "7.0(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)IPFM"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)"
                },
                {
                  "status": "affected",
                  "version": "7.2(3)"
                },
                {
                  "status": "affected",
                  "version": "7.2(2)"
                },
                {
                  "status": "affected",
                  "version": "7.2(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "7.2(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.1(2)"
                },
                {
                  "status": "affected",
                  "version": "7.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.1(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)R(1)"
                },
                {
                  "status": "affected",
                  "version": "7.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "7.1(2)"
                },
                {
                  "status": "affected",
                  "version": "11.4(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(2)"
                },
                {
                  "status": "affected",
                  "version": "11.3(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(3)"
                },
                {
                  "status": "affected",
                  "version": "12.0.1a"
                },
                {
                  "status": "affected",
                  "version": "11.5(3a)"
                },
                {
                  "status": "affected",
                  "version": "12.0.2d"
                },
                {
                  "status": "affected",
                  "version": "12.0.2f"
                },
                {
                  "status": "affected",
                  "version": "11.5(4)"
                },
                {
                  "status": "affected",
                  "version": "12.1.1"
                },
                {
                  "status": "affected",
                  "version": "12.1.1e"
                },
                {
                  "status": "affected",
                  "version": "12.1.1p"
                },
                {
                  "status": "affected",
                  "version": "12.1.2e"
                },
                {
                  "status": "affected",
                  "version": "12.1.2p"
                },
                {
                  "status": "affected",
                  "version": "12.1.3b"
                },
                {
                  "status": "affected",
                  "version": "12.2.1"
                },
                {
                  "status": "affected",
                  "version": "12.2.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices.\r\n\r\nThis vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-322",
                  "description": "Key Exchange without Entity Authentication",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-04T16:17:44.257Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndfc-shkv-snQJtjrp",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndfc-shkv-snQJtjrp",
            "defects": [
              "CSCwm50501"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20163",
        "datePublished": "2025-06-04T16:17:44.257Z",
        "dateReserved": "2024-10-10T19:15:13.217Z",
        "dateUpdated": "2026-02-26T18:27:37.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20150 (GCVE-0-2025-20150)

    Vulnerability from cvelistv5 – Published: 2025-04-16 16:07 – Updated: 2025-04-16 18:06
    VLAI
    Title
    Cisco Nexus Dashboard Username Enumeration Vulnerability
    Summary
    A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(1b)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T18:06:13.498562Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T18:06:21.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts.\r\n\r\nThis vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-16T16:07:30.379Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nd-unenum-2xFFh472",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-unenum-2xFFh472"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nd-unenum-2xFFh472",
            "defects": [
              "CSCwk04469"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Username Enumeration Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20150",
        "datePublished": "2025-04-16T16:07:30.379Z",
        "dateReserved": "2024-10-10T19:15:13.216Z",
        "dateUpdated": "2025-04-16T18:06:21.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20442 (GCVE-0-2024-20442)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:53 – Updated: 2024-10-02 19:28
    Title
    Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability
    Summary
    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(3e)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(0d)
    Affected: 1.1(2i)
    Affected: 2.0(1b)
    Affected: 1.1(2h)
    Affected: 1.1(0c)
    Affected: 1.1(3f)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(2d)
    Affected: 2.0(1d)
    Affected: 2.2(1h)
    Affected: 2.2(1e)
    Affected: 2.2(2d)
    Affected: 2.1(2f)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    Affected: 3.1(1k)
    Affected: 3.1(1l)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20442",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T19:28:42.874953Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:28:58.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device.\r\n\r\nThis vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:53:41.383Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndhs-uaapi-Jh4V6zpN",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndhs-uaapi-Jh4V6zpN",
            "defects": [
              "CSCwk04255"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20442",
        "datePublished": "2024-10-02T16:53:41.383Z",
        "dateReserved": "2023-11-08T15:08:07.676Z",
        "dateUpdated": "2024-10-02T19:28:58.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20283 (GCVE-0-2024-20283)

    Vulnerability from cvelistv5 – Published: 2024-04-03 16:25 – Updated: 2024-08-01 21:59
    Summary
    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T18:22:09.601659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:07.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ndidv-LmXdvAf2",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device.\r\n\r This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:25:09.906Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndidv-LmXdvAf2",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndidv-LmXdvAf2",
            "defects": [
              "CSCwh02784"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20283",
        "datePublished": "2024-04-03T16:25:09.906Z",
        "dateReserved": "2023-11-08T15:08:07.626Z",
        "dateUpdated": "2024-08-01T21:59:41.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20282 (GCVE-0-2024-20282)

    Vulnerability from cvelistv5 – Published: 2024-04-03 16:20 – Updated: 2024-08-27 13:39
    Summary
    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
    cisco nexus_dashboard Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Affected: 3.0(1i)
        cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ndru-pesc-kZ2PQLZH",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nexus_dashboard",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.1(0c)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(0d)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(2h)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(2i)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(3c)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(3d)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(3e)"
                  },
                  {
                    "status": "affected",
                    "version": "1.1(3f)"
                  },
                  {
                    "status": "affected",
                    "version": "2.0(1b)"
                  },
                  {
                    "status": "affected",
                    "version": "2.0(1d)"
                  },
                  {
                    "status": "affected",
                    "version": "2.0(2g)"
                  },
                  {
                    "status": "affected",
                    "version": "2.0(2h)"
                  },
                  {
                    "status": "affected",
                    "version": "2.1(1d)"
                  },
                  {
                    "status": "affected",
                    "version": "2.1(1e)"
                  },
                  {
                    "status": "affected",
                    "version": "2.1(2d)"
                  },
                  {
                    "status": "affected",
                    "version": "2.1(2f)"
                  },
                  {
                    "status": "affected",
                    "version": "2.2(1e)"
                  },
                  {
                    "status": "affected",
                    "version": "2.2(1h)"
                  },
                  {
                    "status": "affected",
                    "version": "2.2(2d)"
                  },
                  {
                    "status": "affected",
                    "version": "2.3(1c)"
                  },
                  {
                    "status": "affected",
                    "version": "2.3(2b)"
                  },
                  {
                    "status": "affected",
                    "version": "2.3(2c)"
                  },
                  {
                    "status": "affected",
                    "version": "2.3(2d)"
                  },
                  {
                    "status": "affected",
                    "version": "2.3(2e)"
                  },
                  {
                    "status": "affected",
                    "version": "3.0(1f)"
                  },
                  {
                    "status": "affected",
                    "version": "3.0(1i)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T19:07:42.320022Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T13:39:11.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1i)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.\r\n\r This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:20:33.850Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndru-pesc-kZ2PQLZH",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndru-pesc-kZ2PQLZH",
            "defects": [
              "CSCwh02726"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20282",
        "datePublished": "2024-04-03T16:20:33.850Z",
        "dateReserved": "2023-11-08T15:08:07.626Z",
        "dateUpdated": "2024-08-27T13:39:11.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20281 (GCVE-0-2024-20281)

    Vulnerability from cvelistv5 – Published: 2024-04-03 16:20 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Data Center Network Manager Affected: 12.1(1)
    Affected: 12.1.1e
    Affected: 12.1.2e
    Affected: 12.1.3b
    Affected: 12.0.1a
    Affected: 12.0.2d
    Affected: 12.0.2f
    Cisco Cisco Nexus Dashboard Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Cisco Cisco Nexus Dashboard Orchestrator Affected: N/A
    Cisco Cisco Nexus Dashboard Insights Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.3.1
    Affected: 6.2.1
    Affected: 6.2.2

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-05T19:36:14.483327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:22.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.178Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ndfccsrf-TEmZEfJ9",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Data Center Network Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1.1e"
                },
                {
                  "status": "affected",
                  "version": "12.1.2e"
                },
                {
                  "status": "affected",
                  "version": "12.1.3b"
                },
                {
                  "status": "affected",
                  "version": "12.0.1a"
                },
                {
                  "status": "affected",
                  "version": "12.0.2d"
                },
                {
                  "status": "affected",
                  "version": "12.0.2f"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard Orchestrator",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.\r\n\r Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:20:04.470Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndfccsrf-TEmZEfJ9",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndfccsrf-TEmZEfJ9",
            "defects": [
              "CSCwf16632",
              "CSCwh13498",
              "CSCwh00221",
              "CSCwh00212"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20281",
        "datePublished": "2024-04-03T16:20:04.470Z",
        "dateReserved": "2023-11-08T15:08:07.626Z",
        "dateUpdated": "2024-08-01T21:59:41.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20053 (GCVE-0-2023-20053)

    Vulnerability from cvelistv5 – Published: 2023-02-16 15:27 – Updated: 2024-11-21 21:40
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-nexus-dashboard-xss-xc5BcgsQ",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-dashboard-xss-xc5BcgsQ"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-30T15:28:44.401293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T21:40:56.633Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.\r\n\r This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:39.267Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-nexus-dashboard-xss-xc5BcgsQ",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-dashboard-xss-xc5BcgsQ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-nexus-dashboard-xss-xc5BcgsQ",
            "defects": [
              "CSCwd35178"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20053",
        "datePublished": "2023-02-16T15:27:54.894Z",
        "dateReserved": "2022-10-27T18:47:50.319Z",
        "dateUpdated": "2024-11-21T21:40:56.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20014 (GCVE-0-2023-20014)

    Vulnerability from cvelistv5 – Published: 2023-02-16 15:24 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition.
    CWE
    • CWE-399 - Resource Management Errors
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ndb-dnsdos-bYscZOsu",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-dnsdos-bYscZOsu"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\n\r This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-399",
                  "description": "Resource Management Errors",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:31.241Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndb-dnsdos-bYscZOsu",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-dnsdos-bYscZOsu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndb-dnsdos-bYscZOsu",
            "defects": [
              "CSCwb74816"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20014",
        "datePublished": "2023-02-16T15:24:43.493Z",
        "dateReserved": "2022-10-27T18:47:50.308Z",
        "dateUpdated": "2024-08-02T08:57:35.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }