Apr 03, 2024 - 5:15 p.m.

CVE-2024-20348

2024-04-03 17:15:49
CWE-27
web.nvd.nist.gov

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.0%)

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files.

This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Data Center Network Manager",
    "versions": [
      {
        "version": "12.1.3b",
        "status": "affected"
      }
    ]
  }
]
