CVE-2024-20432
- EPSS 1.1%
- Published 02.10.2024 17:15:15
- Last modified 08.10.2024 14:10:35
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability i...
CVE-2024-20438
- EPSS 0.08%
- Published 02.10.2024 17:15:15
- Last modified 08.10.2024 13:54:46
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST AP...
CVE-2024-20441
- EPSS 0.07%
- Published 02.10.2024 17:15:15
- Last modified 08.10.2024 13:45:07
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on t...
CVE-2024-20348
- EPSS 0.65%
- Published 03.04.2024 17:15:49
- Last modified 07.05.2025 16:08:57
A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisi...
CVE-2024-20281
- EPSS 1.52%
- Published 03.04.2024 17:15:47
- Last modified 07.05.2025 14:47:49
A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. T...