Lucene search

CiscoCISCO-SA-NDIDV-LMXDVAF2

HistoryApr 03, 2024 - 4:00 p.m.

Cisco Nexus Dashboard Information Disclosure Vulnerability

2024-04-0316:00:00

tools.cisco.com

cisco

nexus dashboard

information disclosure

vulnerability

authenticated

remote attacker

deployment

improper access controls

api endpoint

metrics

software updates

advisory

cluster

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device.

This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2”]

Affected configurations

Vulners

Node

cisconexus_dashboardMatchany

CPENameOperatorVersion
cisco nexus dashboardeqany
cisco nexus dashboardeqany

CPE	Name	Operator	Version
	cisco nexus dashboard	eq	any
	cisco nexus dashboard	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2