Nexus Dashboard@* Security Vulnerabilities and Issues — Nexus Dashboard@* CVE List

Lucene search

CiscoNexus Dashboard*

15 matches found

CVE•added 2021/12/10 10:15 a.m.•5907 views

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message ...

10CVSS10AI score0.94358EPSS

In wildWeb

CVE•added 2023/03/01 8:15 a.m.•80 views

CVE-2023-20014

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a co...

7.5CVSS7.6AI score0.00482EPSS

CVE•added 2024/04/03 5:15 p.m.•78 views

CVE-2024-20283

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to ...

4.3CVSS6.6AI score0.00224EPSS

CVE•added 2023/03/01 8:15 a.m.•76 views

CVE-2023-20053

A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user in...

6.1CVSS5.9AI score0.00096EPSS

CVE•added 2024/10/02 5:15 p.m.•71 views

CVE-2024-20442

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker c...

5.4CVSS5.2AI score0.00086EPSS

CVE•added 2024/10/02 5:15 p.m.•69 views

CVE-2024-20477

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could explo...

5.4CVSS5.4AI score0.00253EPSS

CVE•added 2024/10/02 5:15 p.m.•66 views

CVE-2024-20438

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerab...

6.3CVSS5.7AI score0.00075EPSS

CVE•added 2024/04/03 5:15 p.m.•65 views

CVE-2024-20281

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protec...

8.8CVSS7.4AI score0.01524EPSS

CVE•added 2024/10/02 5:15 p.m.•62 views

CVE-2024-20441

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exp...

6.5CVSS5.6AI score0.00066EPSS

CVE•added 2025/06/04 5:15 p.m.•59 views

CVE-2025-20163

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by p...

8.7CVSS7AI score0.00041EPSS

CVE•added 2024/04/03 5:15 p.m.•56 views

CVE-2024-20282

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerabil...

6CVSS6.7AI score0.00052EPSS

CVE•added 2025/04/16 4:15 p.m.•48 views

CVE-2025-20150

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affecte...

5.3CVSS5.5AI score0.00038EPSS

CVE•added 2025/08/27 5:15 p.m.•7 views

CVE-2025-20348

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of mi...

5CVSS6.3AI score0.00046EPSS

CVE•added 2025/08/27 5:15 p.m.•6 views

CVE-2025-20344

A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administ...

7.2CVSS6.7AI score0.00067EPSS

CVE•added 2025/08/27 5:15 p.m.•6 views

CVE-2025-20347

5.4CVSS6.3AI score0.0006EPSS