26 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2022-20858
CVE-2022-20858 affects Cisco Nexus Dashboard for data centers/cloud networks. The issue stems from insufficient access control on a specific API, enabling an unauthenticated, remote attacker to execute arbitrary commands and read or upload container image files, and to perform a CSRF attack. Affe...
CVE-2022-20860
CVE-2022-20860 affects Cisco Nexus Dashboard SSL/TLS certificate validation. The issue arises when Nexus Dashboard connects to APIC/Cloud APIC/ND Fabric Controller, where server certificates are not validated, enabling a man-in-the-middle to impersonate controllers and potentially alter communica...
CVE-2024-20442
Cisco Nexus Dashboard exposes a REST API vulnerability due to insufficient authorization controls on certain endpoints. An authenticated, low-privileged, remote attacker could perform limited Administrator actions such as viewing portions of the web UI, generating config backups, or deleting tech...
CVE-2022-20857
Cisco Nexus Dashboard for data centers is affected by multiple unauthenticated remote-code-execution, container-image read/write, and CSRF vulnerabilities (CVE-2022-20857). The Cisco advisory states these issues affect Nexus Dashboard 1.1 and later and are addressed by fixes in version 2.2(1e). T...
CVE-2023-20053
Cisco Nexus Dashboard’s web-based management interface is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation. An unauthenticated, remote attacker could lure a user into clicking a crafted link, allowing execution of arbitrary script code in the affected in...
CVE-2024-20283
Cisco Nexus Dashboard contains an information-disclosure vulnerability (CVE-2024-20283) due to improper access controls on a specific API endpoint. An authenticated remote attacker could query the API to access metrics and deployment information for devices within the Nexus Dashboard cluster. The...
CVE-2023-20014
Cisco Nexus Dashboard Software is affected by CVE-2023-20014, a denial-of-service vulnerability in the DNS functionality caused by improper processing of DNS requests. An unauthenticated, remote attacker can repeatedly send DNS queries to trigger the coredns service to stop or the device to reloa...
CVE-2022-20861
Cisco Nexus Dashboard CVE-2022-20861 comprises multiple vulnerabilities allowing an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery (CSRF) attack. Affected versions include 1.1 and later; remediation is ...
CVE-2024-20438
Cisco Nexus Dashboard Fabric Controller (NDFC) REST API vulnerability allows an authenticated, low-privileged, remote attacker to read or write files on an affected device due to missing authorization controls on certain REST endpoints. The issue affects the NDFC/Nexus Dashboard REST APIs (subset...
CVE-2024-20441
CVE-2024-20441 affects Cisco Nexus Dashboard Fabric Controller (NDFC) REST API endpoint. The issue arises from insufficient authorization controls on the endpoint, enabling an authenticated, low-privilege, remote attacker to access sensitive configuration data. A successful exploit could allow do...
CVE-2025-20163
Cisco Nexus Dashboard Fabric Controller (NDFC) is affected by an SSH host key validation issue that enables unauthenticated, remote MITM-style impersonation of NDFC-managed devices, potentially allowing credential interception. Root cause: insufficient SSH host key validation in NDFC’s SSH implem...
CVE-2024-20477
Cisco CVE-2024-20477 concerns an unauthorized REST API endpoint in Cisco Nexus Dashboard Fabric Controller (NDFC). An authenticated, low-privilege, remote attacker could bypass authorization on this endpoint and upload files into a specific container or delete files from a folder within that cont...
CVE-2022-20909
CVE-2022-20909 refers to multiple privilege-escalation flaws in Cisco Nexus Dashboard caused by insufficient input validation during CLI command execution. An authenticated, local attacker who can sign in as the rescue-user could craft a malicious payload to run vulnerable CLI commands and elevat...
CVE-2022-20907
CVE-2022-20907 : In Cisco Nexus Dashboard, there are privilege-escalation vulnerabilities caused by insufficient input validation during CLI command execution. An authenticated local attacker could log in as the rescue-user and run a malicious payload to elevate privileges to root on the device. ...
CVE-2022-20913
CVE-2022-20913 affects Cisco Nexus Dashboard. The vulnerability arises from insufficient input validation in the web-based management interface, enabling an authenticated administrator to upload a crafted file and overwrite arbitrary files on the device. Exploitation requires admin credentials an...
CVE-2024-20281
CVE-2024-20281 affects Cisco Nexus Dashboard and Nexus Dashboard Hosted Services web-based management interface. The vulnerability is a CSRF flaw due to insufficient protections, enabling an unauthenticated, remote attacker to persuade a user to click a malicious link and perform actions with the...
CVE-2022-20908
CVE-2022-20908 affects Cisco Nexus Dashboard. It is a privilege-escalation vulnerability caused by insufficient input validation during CLI command execution. An attacker authenticating as the rescue-user could execute vulnerable CLI commands with a malicious payload to gain root privileges. Mult...
CVE-2024-20282
CVE-2024-20282 — Cisco Nexus Dashboard Privilege Elevation : A vulnerability in Cisco Nexus Dashboard allows an authenticated, local attacker with valid rescue-user credentials to escalate to root. The issue stems from insufficient protections for a sensitive access token, enabling access to reso...
CVE-2022-20906
CVE-2022-20906 affects Cisco Nexus Dashboard with multiple privilege-escalation vulnerabilities due to insufficient input validation during CLI command execution. An authenticated local attacker could log in as the rescue-user and craft a malicious payload to run vulnerable CLI commands, potentia...
CVE-2026-20042
The CVE-2026-20042 issue affects Cisco Nexus Dashboard’s configuration backup feature. The root cause is that authentication details are stored in encrypted backup files, and an attacker with a valid backup file and the encryption password can decrypt the backup to retrieve sensitive information....
CVE-2025-20150
CVE-2025-20150 affects Cisco Nexus Dashboard. The issue is caused by improper handling of LDAP authentication requests, enabling an unauthenticated remote attacker to enumerate valid LDAP usernames. The vulnerability is exploitable over the network with low attack complexity and no privileges req...
CVE-2026-20174
Cisco Nexus Dashboard Insights metadata update feature is vulnerable to arbitrary file write. The issue arises from insufficient validation of the metadata update file, allowing an authenticated attacker with admin credentials to craft a metadata update file and upload it to an affected device, p...
CVE-2025-20347
Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller (NDFC) have missing authorization controls on certain REST API endpoints. An authenticated, low-privileged attacker could view sensitive information or upload/modify files via crafted API requests, potentially executing limited Administr...
CVE-2025-20348
Summary: CVE-2025-20348 affects Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller (NDFC). The issue arises from missing authorization controls on REST API endpoints, allowing an authenticated, low-privileged attacker to view sensitive information or upload/modify files. The impact inclu...
CVE-2025-20344
CVE-2025-20344 — Cisco Nexus Dashboard Path Traversal Affected product: Cisco Nexus Dashboard. Summary: An authenticated administrator can exploit the backup restore functionality due to insufficient validation of the contents of a crafted backup file. Successful exploitation could grant root pri...