6.1
CVE-2026-20041
- EPSS 0.02%
- Veröffentlicht 01.04.2026 16:27:49
- Zuletzt bearbeitet 03.04.2026 16:11:11
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Nexus Dashboard Server Side Request Forgery Vulnerability
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco Nexus Dashboard
Default Statusunknown
Version
1.1(3e)
Status
affected
Version
1.1(3c)
Status
affected
Version
1.1(3d)
Status
affected
Version
1.1(0d)
Status
affected
Version
1.1(2i)
Status
affected
Version
2.0(1b)
Status
affected
Version
1.1(2h)
Status
affected
Version
1.1(0c)
Status
affected
Version
1.1(3f)
Status
affected
Version
2.1(1d)
Status
affected
Version
2.1(1e)
Status
affected
Version
2.0(2g)
Status
affected
Version
2.0(2h)
Status
affected
Version
2.1(2d)
Status
affected
Version
2.0(1d)
Status
affected
Version
2.2(1h)
Status
affected
Version
2.2(1e)
Status
affected
Version
2.2(2d)
Status
affected
Version
2.1(2f)
Status
affected
Version
2.3(1c)
Status
affected
Version
2.3(2b)
Status
affected
Version
2.3(2c)
Status
affected
Version
2.3(2d)
Status
affected
Version
2.3(2e)
Status
affected
Version
3.0(1f)
Status
affected
Version
3.0(1i)
Status
affected
Version
3.1(1k)
Status
affected
Version
3.1(1l)
Status
affected
Version
3.2(1e)
Status
affected
Version
3.2(1i)
Status
affected
Version
3.3(1a)
Status
affected
Version
3.3(1b)
Status
affected
Version
3.3(2b)
Status
affected
Version
4.0(1i)
Status
affected
Version
3.3(2g)
Status
affected
Version
3.2(2f)
Status
affected
Version
3.2(2g)
Status
affected
Version
3.2(2m)
Status
affected
Version
3.1(1n)
Status
affected
Version
4.1(1g)
Status
affected
HerstellerCisco
≫
Produkt
Cisco Nexus Dashboard Insights
Default Statusunknown
Version
2.2.2.125
Status
affected
Version
2.2.2.126
Status
affected
Version
5.0.1.150
Status
affected
Version
5.0.1.154
Status
affected
Version
5.1.0.131
Status
affected
Version
5.1.0.135
Status
affected
Version
6.0.1
Status
affected
Version
6.0.2
Status
affected
Version
6.1.1
Status
affected
Version
6.1.2
Status
affected
Version
6.1.3
Status
affected
Version
6.2.1
Status
affected
Version
6.2.2
Status
affected
Version
6.3.1
Status
affected
Version
6.4.1
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.064 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.