CVE-2024-20491
Cisco Nexus Dashboard Insights Information Disclosure Vulnerability
Severity Score
6.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information.
This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text.
Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-08 CVE Reserved
- 2024-10-02 CVE Published
- 2024-10-02 CVE Updated
- 2024-10-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 2.2.2.125 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "2.2.2.125" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 2.2.2.126 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "2.2.2.126" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 5.0.1.150 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "5.0.1.150" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 5.0.1.154 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "5.0.1.154" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 5.1.0.131 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "5.1.0.131" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 5.1.0.135 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "5.1.0.135" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 6.0.1 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "6.0.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 6.0.2 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "6.0.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 6.1.1 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "6.1.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 6.1.2 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "6.1.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 6.1.3 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "6.1.3" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 6.2.1 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "6.2.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 6.2.2 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "6.2.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Nexus Dashboard Insights Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" | 6.3.1 Search vendor "Cisco" for product "Cisco Nexus Dashboard Insights" and version "6.3.1" | en |
Affected
| ||||||