CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2024-20442 – Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability
https://notcve.org/view.php?id=CVE-2024-20442
02 Oct 2024 — A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2024-20283
https://notcve.org/view.php?id=CVE-2024-20283
03 Apr 2024 — A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster. Una vulnerabilidad en Cisco Nexus Dashboard podría permitir que un ata... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2 • CWE-284: Improper Access Control •
CVSS: 6.0EPSS: 0%CPEs: 26EXPL: 0CVE-2024-20282
https://notcve.org/view.php?id=CVE-2024-20282
03 Apr 2024 — A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device. Una vuln... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH • CWE-269: Improper Privilege Management •
CVSS: 7.6EPSS: 0%CPEs: 46EXPL: 0CVE-2024-20281
https://notcve.org/view.php?id=CVE-2024-20281
03 Apr 2024 — A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to per... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9 • CWE-352: Cross-Site Request Forgery (CSRF) •