CVE-2024-20442

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

CVE-2024-20444

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

CVE-2024-20442

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

CVE-2024-20438

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...

CVE-2024-20441

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...

CVE-2024-20432

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

CVE-2024-20432

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

CVE-2024-20477 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...

CVE-2024-20477

Cisco CVE-2024-20477 concerns an unauthorized REST API endpoint in Cisco Nexus Dashboard Fabric Controller (NDFC). An authenticated, low-privilege, remote attacker could bypass authorization on this endpoint and upload files into a specific container or delete files from a folder within that cont...

CVE-2024-20477 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...

CVE-2024-20444 Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

CVE-2024-20444

CVE-2024-20444 affects Cisco Nexus Dashboard Fabric Controller (NDFC). Root cause: insufficient validation of command arguments in a REST API endpoint, enabling an authenticated, network-admin-user to perform a command-injection attack. Potential impact per sources: ability to overwrite sensitive...

CVE-2024-20444 Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

CVE-2024-20442 Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

CVE-2024-20442

Cisco Nexus Dashboard exposes a REST API vulnerability due to insufficient authorization controls on certain endpoints. An authenticated, low-privileged, remote attacker could perform limited Administrator actions such as viewing portions of the web UI, generating config backups, or deleting tech...

CVE-2024-20441

CVE-2024-20441 affects Cisco Nexus Dashboard Fabric Controller (NDFC) REST API endpoint. The issue arises from insufficient authorization controls on the endpoint, enabling an authenticated, low-privilege, remote attacker to access sensitive configuration data. A successful exploit could allow do...

CVE-2024-20441 Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...

CVE-2024-20438 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...

CVE-2024-20438

Cisco Nexus Dashboard Fabric Controller (NDFC) REST API vulnerability allows an authenticated, low-privileged, remote attacker to read or write files on an affected device due to missing authorization controls on certain REST endpoints. The issue affects the NDFC/Nexus Dashboard REST APIs (subset...

CVE-2024-20438 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...