Lucene search
+L
CiscoNexus Dashboard

26 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6954 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
CVE
CVE
added 2022/07/21 3:45 a.m.131 views

CVE-2022-20858

CVE-2022-20858 affects Cisco Nexus Dashboard for data centers/cloud networks. The issue stems from insufficient access control on a specific API, enabling an unauthenticated, remote attacker to execute arbitrary commands and read or upload container image files, and to perform a CSRF attack. Affe...

9.8CVSS8.6AI score0.01218EPSS
CVE
CVE
added 2022/07/21 3:45 a.m.106 views

CVE-2022-20860

CVE-2022-20860 affects Cisco Nexus Dashboard SSL/TLS certificate validation. The issue arises when Nexus Dashboard connects to APIC/Cloud APIC/ND Fabric Controller, where server certificates are not validated, enabling a man-in-the-middle to impersonate controllers and potentially alter communica...

7.4CVSS6.9AI score0.00506EPSS
CVE
CVE
added 2024/10/02 4:53 p.m.106 views

CVE-2024-20442

Cisco Nexus Dashboard exposes a REST API vulnerability due to insufficient authorization controls on certain endpoints. An authenticated, low-privileged, remote attacker could perform limited Administrator actions such as viewing portions of the web UI, generating config backups, or deleting tech...

5.4CVSS5.2AI score0.00362EPSS
CVE
CVE
added 2022/07/21 3:45 a.m.99 views

CVE-2022-20857

Cisco Nexus Dashboard for data centers is affected by multiple unauthenticated remote-code-execution, container-image read/write, and CSRF vulnerabilities (CVE-2022-20857). The Cisco advisory states these issues affect Nexus Dashboard 1.1 and later and are addressed by fixes in version 2.2(1e). T...

9.8CVSS8.6AI score0.01513EPSS
CVE
CVE
added 2023/02/16 3:27 p.m.99 views

CVE-2023-20053

Cisco Nexus Dashboard’s web-based management interface is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation. An unauthenticated, remote attacker could lure a user into clicking a crafted link, allowing execution of arbitrary script code in the affected in...

6.1CVSS5.9AI score0.00519EPSS
CVE
CVE
added 2024/04/03 4:25 p.m.98 views

CVE-2024-20283

Cisco Nexus Dashboard contains an information-disclosure vulnerability (CVE-2024-20283) due to improper access controls on a specific API endpoint. An authenticated remote attacker could query the API to access metrics and deployment information for devices within the Nexus Dashboard cluster. The...

4.3CVSS6.6AI score0.00407EPSS
CVE
CVE
added 2023/02/16 3:24 p.m.97 views

CVE-2023-20014

Cisco Nexus Dashboard Software is affected by CVE-2023-20014, a denial-of-service vulnerability in the DNS functionality caused by improper processing of DNS requests. An unauthenticated, remote attacker can repeatedly send DNS queries to trigger the coredns service to stop or the device to reloa...

7.5CVSS7.6AI score0.00952EPSS
CVE
CVE
added 2022/07/21 3:45 a.m.96 views

CVE-2022-20861

Cisco Nexus Dashboard CVE-2022-20861 comprises multiple vulnerabilities allowing an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery (CSRF) attack. Affected versions include 1.1 and later; remediation is ...

9.8CVSS8.1AI score0.0057EPSS
CVE
CVE
added 2024/10/02 4:53 p.m.91 views

CVE-2024-20438

Cisco Nexus Dashboard Fabric Controller (NDFC) REST API vulnerability allows an authenticated, low-privileged, remote attacker to read or write files on an affected device due to missing authorization controls on certain REST endpoints. The issue affects the NDFC/Nexus Dashboard REST APIs (subset...

6.3CVSS5.7AI score0.00362EPSS
CVE
CVE
added 2024/10/02 4:53 p.m.89 views

CVE-2024-20441

CVE-2024-20441 affects Cisco Nexus Dashboard Fabric Controller (NDFC) REST API endpoint. The issue arises from insufficient authorization controls on the endpoint, enabling an authenticated, low-privilege, remote attacker to access sensitive configuration data. A successful exploit could allow do...

6.5CVSS5.6AI score0.00463EPSS
CVE
CVE
added 2025/06/04 4:17 p.m.87 views

CVE-2025-20163

Cisco Nexus Dashboard Fabric Controller (NDFC) is affected by an SSH host key validation issue that enables unauthenticated, remote MITM-style impersonation of NDFC-managed devices, potentially allowing credential interception. Root cause: insufficient SSH host key validation in NDFC’s SSH implem...

8.7CVSS7AI score0.00378EPSS
CVE
CVE
added 2024/10/02 4:55 p.m.84 views

CVE-2024-20477

Cisco CVE-2024-20477 concerns an unauthorized REST API endpoint in Cisco Nexus Dashboard Fabric Controller (NDFC). An authenticated, low-privilege, remote attacker could bypass authorization on this endpoint and upload files into a specific container or delete files from a folder within that cont...

5.4CVSS5.4AI score0.00453EPSS
CVE
CVE
added 2022/07/21 4:1 a.m.83 views

CVE-2022-20909

CVE-2022-20909 refers to multiple privilege-escalation flaws in Cisco Nexus Dashboard caused by insufficient input validation during CLI command execution. An authenticated, local attacker who can sign in as the rescue-user could craft a malicious payload to run vulnerable CLI commands and elevat...

6.7CVSS6.5AI score0.00216EPSS
CVE
CVE
added 2022/07/21 3:50 a.m.82 views

CVE-2022-20907

CVE-2022-20907 : In Cisco Nexus Dashboard, there are privilege-escalation vulnerabilities caused by insufficient input validation during CLI command execution. An authenticated local attacker could log in as the rescue-user and run a malicious payload to elevate privileges to root on the device. ...

6.7CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2022/07/21 4:5 a.m.82 views

CVE-2022-20913

CVE-2022-20913 affects Cisco Nexus Dashboard. The vulnerability arises from insufficient input validation in the web-based management interface, enabling an authenticated administrator to upload a crafted file and overwrite arbitrary files on the device. Exploitation requires admin credentials an...

6.5CVSS5.4AI score0.01035EPSS
CVE
CVE
added 2024/04/03 4:20 p.m.81 views

CVE-2024-20281

CVE-2024-20281 affects Cisco Nexus Dashboard and Nexus Dashboard Hosted Services web-based management interface. The vulnerability is a CSRF flaw due to insufficient protections, enabling an unauthenticated, remote attacker to persuade a user to click a malicious link and perform actions with the...

8.8CVSS7.4AI score0.0026EPSS
CVE
CVE
added 2022/07/21 3:50 a.m.72 views

CVE-2022-20908

CVE-2022-20908 affects Cisco Nexus Dashboard. It is a privilege-escalation vulnerability caused by insufficient input validation during CLI command execution. An attacker authenticating as the rescue-user could execute vulnerable CLI commands with a malicious payload to gain root privileges. Mult...

6.7CVSS6.5AI score0.00216EPSS
CVE
CVE
added 2024/04/03 4:20 p.m.70 views

CVE-2024-20282

CVE-2024-20282 — Cisco Nexus Dashboard Privilege Elevation : A vulnerability in Cisco Nexus Dashboard allows an authenticated, local attacker with valid rescue-user credentials to escalate to root. The issue stems from insufficient protections for a sensitive access token, enabling access to reso...

6CVSS6.7AI score0.00168EPSS
CVE
CVE
added 2022/07/21 3:50 a.m.67 views

CVE-2022-20906

CVE-2022-20906 affects Cisco Nexus Dashboard with multiple privilege-escalation vulnerabilities due to insufficient input validation during CLI command execution. An authenticated local attacker could log in as the rescue-user and craft a malicious payload to run vulnerable CLI commands, potentia...

6.7CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2026/04/01 4:27 p.m.67 views

CVE-2026-20042

The CVE-2026-20042 issue affects Cisco Nexus Dashboard’s configuration backup feature. The root cause is that authentication details are stored in encrypted backup files, and an attacker with a valid backup file and the encryption password can decrypt the backup to retrieve sensitive information....

6.5CVSS6.1AI score0.00293EPSS
CVE
CVE
added 2025/04/16 4:7 p.m.65 views

CVE-2025-20150

CVE-2025-20150 affects Cisco Nexus Dashboard. The issue is caused by improper handling of LDAP authentication requests, enabling an unauthenticated remote attacker to enumerate valid LDAP usernames. The vulnerability is exploitable over the network with low attack complexity and no privileges req...

5.3CVSS5.5AI score0.00501EPSS
CVE
CVE
added 2026/04/01 4:29 p.m.53 views

CVE-2026-20174

Cisco Nexus Dashboard Insights metadata update feature is vulnerable to arbitrary file write. The issue arises from insufficient validation of the metadata update file, allowing an authenticated attacker with admin credentials to craft a metadata update file and upload it to an affected device, p...

4.9CVSS6AI score0.00489EPSS
CVE
CVE
added 2025/08/27 4:22 p.m.41 views

CVE-2025-20347

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller (NDFC) have missing authorization controls on certain REST API endpoints. An authenticated, low-privileged attacker could view sensitive information or upload/modify files via crafted API requests, potentially executing limited Administr...

5.4CVSS6.3AI score0.00232EPSS
CVE
CVE
added 2025/08/27 4:23 p.m.29 views

CVE-2025-20348

Summary: CVE-2025-20348 affects Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller (NDFC). The issue arises from missing authorization controls on REST API endpoints, allowing an authenticated, low-privileged attacker to view sensitive information or upload/modify files. The impact inclu...

5CVSS6.3AI score0.00273EPSS
CVE
CVE
added 2025/08/27 4:22 p.m.23 views

CVE-2025-20344

CVE-2025-20344 — Cisco Nexus Dashboard Path Traversal Affected product: Cisco Nexus Dashboard. Summary: An authenticated administrator can exploit the backup restore functionality due to insufficient validation of the contents of a crafted backup file. Successful exploitation could grant root pri...

7.2CVSS6.7AI score0.0055EPSS