4 results (0.010 seconds)

CVSS: 5.4EPSS: 0%CPEs: 28EXPL: 0

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN •

CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster. Una vulnerabilidad en Cisco Nexus Dashboard podría permitir que un atacante remoto autenticado obtenga información de implementación del clúster en un dispositivo afectado. Esta vulnerabilidad se debe a controles de acceso inadecuados en un endpoint API específico. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2 • CWE-284: Improper Access Control •

CVSS: 6.0EPSS: 0%CPEs: 26EXPL: 0

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device. Una vulnerabilidad en Cisco Nexus Dashboard podría permitir que un atacante local autenticado con credenciales válidas de usuario de rescate eleve los privilegios a root en un dispositivo afectado. Esta vulnerabilidad se debe a protecciones insuficientes para un token de acceso confidencial. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability. Una vulnerabilidad en la interfaz de administración basada en web de Cisco Nexus Dashboard y los servicios alojados de Cisco Nexus Dashboard podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de falsificación de solicitud entre sitios (CSRF) en un SYSTEM afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9 • CWE-352: Cross-Site Request Forgery (CSRF) •