CVE-2024-20432
- EPSS 1.1%
- Veröffentlicht 02.10.2024 17:15:15
- Zuletzt bearbeitet 08.10.2024 14:10:35
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability i...
CVE-2024-20438
- EPSS 0.08%
- Veröffentlicht 02.10.2024 17:15:15
- Zuletzt bearbeitet 08.10.2024 13:54:46
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST AP...
CVE-2024-20441
- EPSS 0.07%
- Veröffentlicht 02.10.2024 17:15:15
- Zuletzt bearbeitet 08.10.2024 13:45:07
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on t...
CVE-2024-20348
- EPSS 0.65%
- Veröffentlicht 03.04.2024 17:15:49
- Zuletzt bearbeitet 07.05.2025 16:08:57
A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisi...
CVE-2024-20281
- EPSS 1.52%
- Veröffentlicht 03.04.2024 17:15:47
- Zuletzt bearbeitet 07.05.2025 14:47:49
A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. T...