cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-3538,https://securityvulnerability.io/vulnerability/CVE-2020-3538,Cisco DCNM Software Vulnerability: Path Traversal Attacks Ahead,"A security vulnerability exists in a specific REST API endpoint of Cisco Data Center Network Manager (DCNM) Software, enabling an authenticated remote attacker to conduct path traversal attacks. This issue arises from inadequate enforcement of path restrictions within the API. An attacker could exploit this flaw by sending specially crafted HTTP requests, which may allow them to overwrite or list arbitrary files on the affected device. To mitigate this threat, Cisco has provided software updates designed to resolve the vulnerability. There are currently no alternative workarounds available to address this issue.",Cisco,Cisco Data Center Network Manager,4.6,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-11-18T15:53:59.243Z,0
CVE-2020-3539,https://securityvulnerability.io/vulnerability/CVE-2020-3539,Cisco DCNM Vulnerability Allows Unauthorized Access to Templates,"A vulnerability exists in the web-based management interface of Cisco Data Center Network Manager, enabling an authenticated, remote attacker to gain unauthorized access to data typically restricted to users with Administrator privileges. This flaw arises from the application's failure to appropriately restrict access to certain resources. By leveraging this vulnerability, an attacker can exploit the system through social engineering tactics, such as tricking a user into clicking a specially crafted URL. Upon successful exploitation, the attacker can conduct various unauthorized actions, including listing, viewing, creating, editing, and deleting templates, thereby masquerading as a fully privileged Administrator user. Cisco has acknowledged this vulnerability and has released software updates addressing these issues, with no viable workarounds available.",Cisco,Cisco Data Center Network Manager,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-18T15:53:49.599Z,0
CVE-2024-20536,https://securityvulnerability.io/vulnerability/CVE-2024-20536,Cisco Nexus Dashboard Fabric Controller Vulnerability Could Allow Arbitrary SQL Commands,"A vulnerability exists in the REST API endpoint and the web-based management interface of the Cisco Nexus Dashboard Fabric Controller (NDFC), which could permit authenticated remote attackers with read-only privileges to execute arbitrary SQL commands. This flaw is caused by inadequate validation of user-supplied input, enabling an attacker to exploit this vulnerability by dispatching a specially crafted request to a targeted REST API endpoint or management interface. Successfully exploiting this vulnerability could allow unauthorized access to read, modify, or delete data within the system's internal database, posing significant risks to data integrity and availability.",Cisco,Cisco Data Center Network Manager,8.8,HIGH,0.0004299999854993075,false,,false,false,true,2024-11-09T05:15:04.000Z,,false,false,,2024-11-06T17:15:00.000Z,0
CVE-2024-20490,https://securityvulnerability.io/vulnerability/CVE-2024-20490,Cisco Nexus Dashboard Vulnerability: Sensitive Information at Risk,"A vulnerability exists within the logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) that potentially exposes sensitive information, particularly HTTP proxy credentials stored in tech support files. If an attacker gains access to one of these files generated from an affected system, they may retrieve clear text proxy server administrative credentials used to access external networks. It is essential to practice secure handling of tech support files and logs to prevent unauthorized access to sensitive information.",Cisco,"Cisco Data Center Network Manager,Cisco Nexus Dashboard Orchestrator",8.6,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-02T16:55:15.650Z,0
CVE-2024-20477,https://securityvulnerability.io/vulnerability/CVE-2024-20477,Cisco NDFC Vulnerability Allows File Tampering,"A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device.

This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.",Cisco,Cisco Data Center Network Manager,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-02T16:55:07.208Z,0
CVE-2024-20449,https://securityvulnerability.io/vulnerability/CVE-2024-20449,Arbitrary Code Execution Vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC),"A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) allows authenticated remote attackers with low privileges to execute arbitrary code on affected devices. This security issue is attributed to improper path validation, enabling exploitation through the Secure Copy Protocol (SCP). By leveraging path traversal techniques, an attacker can upload malicious code to the targeted device. Successfully exploiting this vulnerability may allow the attacker to execute arbitrary code in a specific container, operating with root privileges.",Cisco,Cisco Data Center Network Manager,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-02T16:54:50.760Z,0
CVE-2024-20448,https://securityvulnerability.io/vulnerability/CVE-2024-20448,Cisco Nexus Dashboard Fabric Controller Vulnerability Could Lead to Sensitive Information Disclosure,"A vulnerability exists in the Cisco Nexus Dashboard Fabric Controller (NDFC) software due to the improper storage of sensitive information within backup files. When backup files—both config only and full backups—are generated from affected devices, they may inadvertently expose critical data. An attacker with access to these backup files could parse their contents to retrieve sensitive information, including device credentials linked to the NDFC, the private key for the NDFC site manager, and the encryption key for scheduled backup files. This incident emphasizes the importance of secure data handling and proper security measures in preserving sensitive information.",Cisco,Cisco Data Center Network Manager,8.6,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-02T16:54:17.748Z,0
CVE-2024-20444,https://securityvulnerability.io/vulnerability/CVE-2024-20444,Cisco Nexus Dashboard Fabric Controller Vulnerability Could Lead to Command Injection and Denial of Service Attacks,"A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device.
 
This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.",Cisco,Cisco Data Center Network Manager,5.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-02T16:54:09.855Z,0
CVE-2024-20441,https://securityvulnerability.io/vulnerability/CVE-2024-20441,Cisco NDFC Vulnerability Allows Low-Privileged Attackers to Access Sensitive Configuration Information,"A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device.

This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to download config only or full backup files and learn sensitive configuration information. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.",Cisco,Cisco Data Center Network Manager,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-02T16:53:32.918Z,0
CVE-2024-20438,https://securityvulnerability.io/vulnerability/CVE-2024-20438,Cisco NDFC REST API Vulnerability: Limited Network-Admin Functions at Risk,"A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device.

This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files.
Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.",Cisco,Cisco Data Center Network Manager,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-02T16:53:23.486Z,0
CVE-2024-20432,https://securityvulnerability.io/vulnerability/CVE-2024-20432,Cisco NDFC Vulnerability Allows Command Injection Attacks,"The vulnerability CVE-2024-20432 affects the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC). An authenticated, low-privileged, remote attacker could exploit this vulnerability to perform a command injection attack, leading to the execution of arbitrary commands on a managed device with network-admin privileges. The vulnerability is due to improper user authorization and insufficient validation of command arguments. Cisco has released software updates to address this vulnerability, and there are no workarounds available. The impact of this vulnerability is significant, as it can potentially lead to unauthorized access and control over affected systems. There is no information on whether ransomware groups have exploited this vulnerability.",Cisco,Cisco Data Center Network Manager,8.8,HIGH,0.0004900000058114529,false,,true,false,false,,,false,false,,2024-10-02T16:53:15.038Z,0
CVE-2021-1253,https://securityvulnerability.io/vulnerability/CVE-2021-1253,Cisco Data Center Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,6.5,MEDIUM,0.0006399999838322401,false,,false,false,true,2024-08-03T17:15:46.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1270,https://securityvulnerability.io/vulnerability/CVE-2021-1270,Cisco Data Center Network Manager Authorization Bypass Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,6.3,MEDIUM,0.0007999999797903001,false,,false,false,true,2024-08-03T17:15:47.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1269,https://securityvulnerability.io/vulnerability/CVE-2021-1269,Cisco Data Center Network Manager Authorization Bypass Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,6.3,MEDIUM,0.0009699999936856329,false,,false,false,true,2024-08-03T17:15:47.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1255,https://securityvulnerability.io/vulnerability/CVE-2021-1255,Cisco Data Center Network Manager REST API Vulnerabilities,"Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,4.6,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-03T17:15:47.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1283,https://securityvulnerability.io/vulnerability/CVE-2021-1283,Cisco Data Center Network Manager Information Disclosure Vulnerability,"A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacker to view sensitive information in the system log file. To exploit this vulnerability, the attacker would need to have valid user credentials.",Cisco,Cisco Data Center Network Manager,5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T17:15:48.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1249,https://securityvulnerability.io/vulnerability/CVE-2021-1249,Cisco Data Center Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,6.5,MEDIUM,0.0006399999838322401,false,,false,false,true,2024-08-03T17:15:46.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1248,https://securityvulnerability.io/vulnerability/CVE-2021-1248,Cisco Data Center Network Manager SQL Injection Vulnerabilities,"Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,8.8,HIGH,0.0027000000700354576,false,,false,false,true,2024-08-03T17:15:46.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1272,https://securityvulnerability.io/vulnerability/CVE-2021-1272,Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability,"A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system.",Cisco,Cisco Data Center Network Manager,8.8,HIGH,0.0016599999507889152,false,,false,false,true,2024-08-03T17:15:47.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1250,https://securityvulnerability.io/vulnerability/CVE-2021-1250,Cisco Data Center Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,6.5,MEDIUM,0.0006399999838322401,false,,false,false,true,2024-08-03T17:15:46.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1135,https://securityvulnerability.io/vulnerability/CVE-2021-1135,Cisco Data Center Network Manager REST API Vulnerabilities,"Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,4.6,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-03T17:15:40.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1247,https://securityvulnerability.io/vulnerability/CVE-2021-1247,Cisco Data Center Network Manager SQL Injection Vulnerabilities,"Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,8.8,HIGH,0.0027000000700354576,false,,false,false,true,2024-08-03T17:15:46.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1276,https://securityvulnerability.io/vulnerability/CVE-2021-1276,Cisco Data Center Network Manager Certificate Validation Vulnerabilities,"Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,7.5,HIGH,0.0008699999889358878,false,,false,false,true,2024-08-03T17:15:48.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1277,https://securityvulnerability.io/vulnerability/CVE-2021-1277,Cisco Data Center Network Manager Certificate Validation Vulnerabilities,"Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,7.5,HIGH,0.0008699999889358878,false,,false,false,true,2024-08-03T17:15:48.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1133,https://securityvulnerability.io/vulnerability/CVE-2021-1133,Cisco Data Center Network Manager REST API Vulnerabilities,"Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Data Center Network Manager,4.6,MEDIUM,0.0011699999449774623,false,,false,false,true,2024-08-03T17:15:40.000Z,,false,false,,2021-01-20T00:00:00.000Z,0