CVSS: 5.0EPSS: 0%CPEs: 39EXPL: 0CVE-2025-20348 – Cisco Nexus Dashboard Unauthorized REST API Vulnerability
https://notcve.org/view.php?id=CVE-2025-20348
27 Aug 2025 — A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit th vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nshs-urapi-gJuBVFpu •
CVSS: 7.7EPSS: 0%CPEs: 39EXPL: 0CVE-2025-20344 – Cisco Nexus Dashboard Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2025-20344
27 Aug 2025 — A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the aff... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ptrs-XU2Fm2Wb •
CVSS: 8.7EPSS: 0%CPEs: 48EXPL: 0CVE-2025-20163 – Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability
https://notcve.org/view.php?id=CVE-2025-20163
04 Jun 2025 — A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a ma... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp • CWE-322: Key Exchange without Entity Authentication •
CVSS: 5.3EPSS: 0%CPEs: 22EXPL: 0CVE-2025-20150 – Cisco Nexus Dashboard Username Enumeration Vulnerability
https://notcve.org/view.php?id=CVE-2025-20150
16 Apr 2025 — A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-unenum-2xFFh472 • CWE-209: Generation of Error Message Containing Sensitive Information •