Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for nexus_dashboard_insights by cisco

    CVE-2026-20174 (GCVE-0-2026-20174)

    Vulnerability from nvd – Published: 2026-04-01 16:29 – Updated: 2026-04-01 18:09
    VLAI
    Title
    Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
    Summary
    A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)
    Affected: 4.1(1g)
    Create a notification for this product.
    Cisco Cisco Nexus Dashboard Insights Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.2.1
    Affected: 6.2.2
    Affected: 6.3.1
    Affected: 6.4.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T18:09:26.289152Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T18:09:37.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                },
                {
                  "status": "affected",
                  "version": "4.1(1g)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system.\r\n\r\nThis vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the\u0026nbsp;root user. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\nNote: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:29:22.721Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndi-afw-rJuRC5dZ",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndi-afw-rJuRC5dZ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndi-afw-rJuRC5dZ",
            "defects": [
              "CSCws40848"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20174",
        "datePublished": "2026-04-01T16:29:22.721Z",
        "dateReserved": "2025-10-08T11:59:15.392Z",
        "dateUpdated": "2026-04-01T18:09:37.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-20491 (GCVE-0-2024-20491)

    Vulnerability from nvd – Published: 2024-10-02 16:55 – Updated: 2024-10-02 17:26
    VLAI
    Title
    Cisco Nexus Dashboard Insights Information Disclosure Vulnerability
    Summary
    A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Insights Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.2.1
    Affected: 6.2.2
    Affected: 6.3.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20491",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:53.944273Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:26:08.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information.\r\n\r\nThis vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text.\r\nNote: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:55:25.503Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndhs-idv-Bk8VqEDc",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndhs-idv-Bk8VqEDc",
            "defects": [
              "CSCwk96544"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Insights Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20491",
        "datePublished": "2024-10-02T16:55:25.503Z",
        "dateReserved": "2023-11-08T15:08:07.685Z",
        "dateUpdated": "2024-10-02T17:26:08.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20490 (GCVE-0-2024-20490)

    Vulnerability from nvd – Published: 2024-10-02 16:55 – Updated: 2024-10-02 17:26
    VLAI
    Title
    Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability
    Summary
    A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Data Center Network Manager Affected: 12.1.1e
    Affected: 12.1.1p
    Affected: 12.1.2e
    Affected: 12.1.2p
    Affected: 12.1.3b
    Affected: 12.2.1
    Affected: 12.2.2
    Create a notification for this product.
    Cisco Cisco Nexus Dashboard Orchestrator Affected: 1.0(1i)
    Affected: 1.0(2b)
    Affected: 3.7(1d)
    Affected: 3.7(1g)
    Affected: 3.7(1h)
    Affected: 3.7(1j)
    Affected: 3.7(1i)
    Affected: 3.7(1k)
    Affected: 3.7(1l)
    Affected: 3.7(2d)
    Affected: 3.7(2e)
    Affected: 3.7(2f)
    Affected: 3.7(2g)
    Affected: 3.7(2h)
    Affected: 4.1(2e)
    Affected: 3.7(2i)
    Affected: 4.1(2h)
    Affected: 4.2(1d)
    Affected: 4.2(1e)
    Affected: 4.2(2e)
    Affected: 4.2(3e)
    Affected: 4.3.(1.1008)
    Affected: 4.2(3j)
    Affected: 4.2(3k)
    Affected: 4.4(1.1009)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20490",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:55.986708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:26:15.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Data Center Network Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1.1e"
                },
                {
                  "status": "affected",
                  "version": "12.1.1p"
                },
                {
                  "status": "affected",
                  "version": "12.1.2e"
                },
                {
                  "status": "affected",
                  "version": "12.1.2p"
                },
                {
                  "status": "affected",
                  "version": "12.1.3b"
                },
                {
                  "status": "affected",
                  "version": "12.2.1"
                },
                {
                  "status": "affected",
                  "version": "12.2.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard Orchestrator",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "1.0(2b)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1d)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1g)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1h)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1j)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2d)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2h)"
                },
                {
                  "status": "affected",
                  "version": "4.1(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2i)"
                },
                {
                  "status": "affected",
                  "version": "4.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "4.2(1d)"
                },
                {
                  "status": "affected",
                  "version": "4.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "4.2(2e)"
                },
                {
                  "status": "affected",
                  "version": "4.2(3e)"
                },
                {
                  "status": "affected",
                  "version": "4.3.(1.1008)"
                },
                {
                  "status": "affected",
                  "version": "4.2(3j)"
                },
                {
                  "status": "affected",
                  "version": "4.2(3k)"
                },
                {
                  "status": "affected",
                  "version": "4.4(1.1009)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information.\r\n\r\nThis vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network.\r\nNote: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:55:15.650Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndhs-idv-Bk8VqEDc",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndhs-idv-Bk8VqEDc",
            "defects": [
              "CSCwk96526"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20490",
        "datePublished": "2024-10-02T16:55:15.650Z",
        "dateReserved": "2023-11-08T15:08:07.685Z",
        "dateUpdated": "2024-10-02T17:26:15.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20281 (GCVE-0-2024-20281)

    Vulnerability from nvd – Published: 2024-04-03 16:20 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Data Center Network Manager Affected: 12.1(1)
    Affected: 12.1.1e
    Affected: 12.1.2e
    Affected: 12.1.3b
    Affected: 12.0.1a
    Affected: 12.0.2d
    Affected: 12.0.2f
    Create a notification for this product.
    Cisco Cisco Nexus Dashboard Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Create a notification for this product.
    Cisco Cisco Nexus Dashboard Orchestrator Affected: N/A
    Create a notification for this product.
    Cisco Cisco Nexus Dashboard Insights Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.3.1
    Affected: 6.2.1
    Affected: 6.2.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-05T19:36:14.483327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:22.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.178Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ndfccsrf-TEmZEfJ9",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Data Center Network Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1.1e"
                },
                {
                  "status": "affected",
                  "version": "12.1.2e"
                },
                {
                  "status": "affected",
                  "version": "12.1.3b"
                },
                {
                  "status": "affected",
                  "version": "12.0.1a"
                },
                {
                  "status": "affected",
                  "version": "12.0.2d"
                },
                {
                  "status": "affected",
                  "version": "12.0.2f"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard Orchestrator",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.\r\n\r Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:20:04.470Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndfccsrf-TEmZEfJ9",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndfccsrf-TEmZEfJ9",
            "defects": [
              "CSCwf16632",
              "CSCwh13498",
              "CSCwh00221",
              "CSCwh00212"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20281",
        "datePublished": "2024-04-03T16:20:04.470Z",
        "dateReserved": "2023-11-08T15:08:07.626Z",
        "dateUpdated": "2024-08-01T21:59:41.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-20174 (GCVE-0-2026-20174)

    Vulnerability from cvelistv5 – Published: 2026-04-01 16:29 – Updated: 2026-04-01 18:09
    VLAI
    Title
    Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
    Summary
    A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Affected: 3.1(1k)
    Affected: 3.1(1l)
    Affected: 3.2(1e)
    Affected: 3.2(1i)
    Affected: 3.3(1a)
    Affected: 3.3(1b)
    Affected: 3.3(2b)
    Affected: 4.0(1i)
    Affected: 3.3(2g)
    Affected: 3.2(2f)
    Affected: 3.2(2g)
    Affected: 3.2(2m)
    Affected: 3.1(1n)
    Affected: 4.1(1g)
    Create a notification for this product.
    Cisco Cisco Nexus Dashboard Insights Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.2.1
    Affected: 6.2.2
    Affected: 6.3.1
    Affected: 6.4.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T18:09:26.289152Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T18:09:37.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1a)"
                },
                {
                  "status": "affected",
                  "version": "3.3(1b)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "4.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.3(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.2(2m)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1n)"
                },
                {
                  "status": "affected",
                  "version": "4.1(1g)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system.\r\n\r\nThis vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the\u0026nbsp;root user. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\nNote: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:29:22.721Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndi-afw-rJuRC5dZ",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndi-afw-rJuRC5dZ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndi-afw-rJuRC5dZ",
            "defects": [
              "CSCws40848"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20174",
        "datePublished": "2026-04-01T16:29:22.721Z",
        "dateReserved": "2025-10-08T11:59:15.392Z",
        "dateUpdated": "2026-04-01T18:09:37.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-20491 (GCVE-0-2024-20491)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:55 – Updated: 2024-10-02 17:26
    VLAI
    Title
    Cisco Nexus Dashboard Insights Information Disclosure Vulnerability
    Summary
    A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Nexus Dashboard Insights Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.2.1
    Affected: 6.2.2
    Affected: 6.3.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20491",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:53.944273Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:26:08.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information.\r\n\r\nThis vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text.\r\nNote: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:55:25.503Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndhs-idv-Bk8VqEDc",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndhs-idv-Bk8VqEDc",
            "defects": [
              "CSCwk96544"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Insights Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20491",
        "datePublished": "2024-10-02T16:55:25.503Z",
        "dateReserved": "2023-11-08T15:08:07.685Z",
        "dateUpdated": "2024-10-02T17:26:08.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20490 (GCVE-0-2024-20490)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:55 – Updated: 2024-10-02 17:26
    VLAI
    Title
    Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability
    Summary
    A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Data Center Network Manager Affected: 12.1.1e
    Affected: 12.1.1p
    Affected: 12.1.2e
    Affected: 12.1.2p
    Affected: 12.1.3b
    Affected: 12.2.1
    Affected: 12.2.2
    Create a notification for this product.
    Cisco Cisco Nexus Dashboard Orchestrator Affected: 1.0(1i)
    Affected: 1.0(2b)
    Affected: 3.7(1d)
    Affected: 3.7(1g)
    Affected: 3.7(1h)
    Affected: 3.7(1j)
    Affected: 3.7(1i)
    Affected: 3.7(1k)
    Affected: 3.7(1l)
    Affected: 3.7(2d)
    Affected: 3.7(2e)
    Affected: 3.7(2f)
    Affected: 3.7(2g)
    Affected: 3.7(2h)
    Affected: 4.1(2e)
    Affected: 3.7(2i)
    Affected: 4.1(2h)
    Affected: 4.2(1d)
    Affected: 4.2(1e)
    Affected: 4.2(2e)
    Affected: 4.2(3e)
    Affected: 4.3.(1.1008)
    Affected: 4.2(3j)
    Affected: 4.2(3k)
    Affected: 4.4(1.1009)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20490",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:55.986708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:26:15.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Data Center Network Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1.1e"
                },
                {
                  "status": "affected",
                  "version": "12.1.1p"
                },
                {
                  "status": "affected",
                  "version": "12.1.2e"
                },
                {
                  "status": "affected",
                  "version": "12.1.2p"
                },
                {
                  "status": "affected",
                  "version": "12.1.3b"
                },
                {
                  "status": "affected",
                  "version": "12.2.1"
                },
                {
                  "status": "affected",
                  "version": "12.2.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Nexus Dashboard Orchestrator",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0(1i)"
                },
                {
                  "status": "affected",
                  "version": "1.0(2b)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1d)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1g)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1h)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1j)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1i)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1k)"
                },
                {
                  "status": "affected",
                  "version": "3.7(1l)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2d)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2f)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2g)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2h)"
                },
                {
                  "status": "affected",
                  "version": "4.1(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.7(2i)"
                },
                {
                  "status": "affected",
                  "version": "4.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "4.2(1d)"
                },
                {
                  "status": "affected",
                  "version": "4.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "4.2(2e)"
                },
                {
                  "status": "affected",
                  "version": "4.2(3e)"
                },
                {
                  "status": "affected",
                  "version": "4.3.(1.1008)"
                },
                {
                  "status": "affected",
                  "version": "4.2(3j)"
                },
                {
                  "status": "affected",
                  "version": "4.2(3k)"
                },
                {
                  "status": "affected",
                  "version": "4.4(1.1009)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information.\r\n\r\nThis vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network.\r\nNote: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:55:15.650Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndhs-idv-Bk8VqEDc",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndhs-idv-Bk8VqEDc",
            "defects": [
              "CSCwk96526"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20490",
        "datePublished": "2024-10-02T16:55:15.650Z",
        "dateReserved": "2023-11-08T15:08:07.685Z",
        "dateUpdated": "2024-10-02T17:26:15.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20281 (GCVE-0-2024-20281)

    Vulnerability from cvelistv5 – Published: 2024-04-03 16:20 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Data Center Network Manager Affected: 12.1(1)
    Affected: 12.1.1e
    Affected: 12.1.2e
    Affected: 12.1.3b
    Affected: 12.0.1a
    Affected: 12.0.2d
    Affected: 12.0.2f
    Create a notification for this product.
    Cisco Cisco Nexus Dashboard Affected: 1.1(0c)
    Affected: 1.1(0d)
    Affected: 1.1(2h)
    Affected: 1.1(2i)
    Affected: 1.1(3c)
    Affected: 1.1(3d)
    Affected: 1.1(3e)
    Affected: 1.1(3f)
    Affected: 2.0(1b)
    Affected: 2.0(1d)
    Affected: 2.0(2g)
    Affected: 2.0(2h)
    Affected: 2.1(1d)
    Affected: 2.1(1e)
    Affected: 2.1(2d)
    Affected: 2.1(2f)
    Affected: 2.2(1e)
    Affected: 2.2(1h)
    Affected: 2.2(2d)
    Affected: 2.3(1c)
    Affected: 2.3(2b)
    Affected: 2.3(2c)
    Affected: 2.3(2d)
    Affected: 2.3(2e)
    Affected: 3.0(1f)
    Create a notification for this product.
    Cisco Cisco Nexus Dashboard Orchestrator Affected: N/A
    Create a notification for this product.
    Cisco Cisco Nexus Dashboard Insights Affected: 2.2.2.125
    Affected: 2.2.2.126
    Affected: 5.0.1.150
    Affected: 5.0.1.154
    Affected: 5.1.0.131
    Affected: 5.1.0.135
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.1.1
    Affected: 6.1.2
    Affected: 6.1.3
    Affected: 6.3.1
    Affected: 6.2.1
    Affected: 6.2.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-05T19:36:14.483327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:22.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.178Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ndfccsrf-TEmZEfJ9",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Data Center Network Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1.1e"
                },
                {
                  "status": "affected",
                  "version": "12.1.2e"
                },
                {
                  "status": "affected",
                  "version": "12.1.3b"
                },
                {
                  "status": "affected",
                  "version": "12.0.1a"
                },
                {
                  "status": "affected",
                  "version": "12.0.2d"
                },
                {
                  "status": "affected",
                  "version": "12.0.2f"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1(0c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(0d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2h)"
                },
                {
                  "status": "affected",
                  "version": "1.1(2i)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3c)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3d)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3e)"
                },
                {
                  "status": "affected",
                  "version": "1.1(3f)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1b)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2g)"
                },
                {
                  "status": "affected",
                  "version": "2.0(2h)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.1(2f)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1e)"
                },
                {
                  "status": "affected",
                  "version": "2.2(1h)"
                },
                {
                  "status": "affected",
                  "version": "2.2(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2b)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2c)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2d)"
                },
                {
                  "status": "affected",
                  "version": "2.3(2e)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1f)"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard Orchestrator",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Nexus Dashboard Insights",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.2.125"
                },
                {
                  "status": "affected",
                  "version": "2.2.2.126"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.150"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.154"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.131"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.135"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.\r\n\r Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:20:04.470Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ndfccsrf-TEmZEfJ9",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ndfccsrf-TEmZEfJ9",
            "defects": [
              "CSCwf16632",
              "CSCwh13498",
              "CSCwh00221",
              "CSCwh00212"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20281",
        "datePublished": "2024-04-03T16:20:04.470Z",
        "dateReserved": "2023-11-08T15:08:07.626Z",
        "dateUpdated": "2024-08-01T21:59:41.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }