cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20491,https://securityvulnerability.io/vulnerability/CVE-2024-20491,Cisco Nexus Dashboard Insights Vulnerability: Remote Controller Credentials at Risk,"A vulnerability exists in Cisco Nexus Dashboard Insights, where sensitive information can be exposed due to a flaw in its logging function. Specifically, remote controller credentials are inadvertently recorded in an internal log that is included in tech support files. If an unauthorized individual gains access to one of these tech support files, they may be able to retrieve sensitive credentials stored in clear text. Organizations are strongly advised to implement best practices for handling debug logs and tech support files with the utmost care, ensuring they are shared only with trusted parties to mitigate potential risks.",Cisco,Cisco Nexus Dashboard Insights,8.6,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-02T16:55:25.503Z,0
CVE-2024-20490,https://securityvulnerability.io/vulnerability/CVE-2024-20490,Cisco Nexus Dashboard Vulnerability: Sensitive Information at Risk,"A vulnerability exists within the logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) that potentially exposes sensitive information, particularly HTTP proxy credentials stored in tech support files. If an attacker gains access to one of these files generated from an affected system, they may retrieve clear text proxy server administrative credentials used to access external networks. It is essential to practice secure handling of tech support files and logs to prevent unauthorized access to sensitive information.",Cisco,"Cisco Data Center Network Manager,Cisco Nexus Dashboard Orchestrator",8.6,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-02T16:55:15.650Z,0
CVE-2024-20442,https://securityvulnerability.io/vulnerability/CVE-2024-20442,Limited Administrator Actions Vulnerability in Cisco Nexus Dashboard REST API,"A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.",Cisco,Cisco Nexus Dashboard,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-02T16:53:41.383Z,0
CVE-2024-20385,https://securityvulnerability.io/vulnerability/CVE-2024-20385,Cisco NDO Vulnerability: Unauthenticated Certificate Interception Threat,"A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered. An attacker could exploit this vulnerability by using machine-in-the-middle techniques to intercept the traffic between the affected device and Cisco NDO and then using a crafted certificate to impersonate the affected device. A successful exploit could allow the attacker to learn sensitive information during communications between these devices.",Cisco,Cisco Nexus Dashboard Orchestrator,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-02T16:52:55.860Z,0
CVE-2024-20282,https://securityvulnerability.io/vulnerability/CVE-2024-20282,Elevated Privilege Vulnerability in Cisco Nexus Dashboard,"A vulnerability in Cisco Nexus Dashboard allows authenticated local attackers with valid rescue-user credentials to elevate their privileges to root on affected devices. This issue arises from inadequate protection of a sensitive access token. By exploiting this vulnerability, attackers can utilize the access token to gain unauthorized access to essential resources within the device's infrastructure. If successfully exploited, this vulnerability can enable attackers to secure root access to the filesystem or hosted containers, posing a significant security risk.",Cisco,Cisco Nexus Dashboard,6,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-08-27T14:15:03.000Z,,false,false,,2024-04-03T17:15:00.000Z,0
CVE-2023-20053,https://securityvulnerability.io/vulnerability/CVE-2023-20053,Cross-Site Scripting Vulnerability in Cisco Nexus Dashboard Management Interface,"A vulnerability exists in the web-based management interface of Cisco Nexus Dashboard, which could permit unauthenticated remote attackers to launch cross-site scripting (XSS) attacks against users of the interface. This issue arises from inadequate validation of user input. An attacker may exploit this vulnerability by enticing a user to click a specially crafted link, enabling the execution of arbitrary scripts within the affected interface. Successful exploitation could lead to exposure of sensitive browser-based information, allowing the attacker to compromise user security and integrity.",Cisco,Cisco Nexus Dashboard,6.1,MEDIUM,0.0013599999947473407,false,,false,false,false,,,false,false,,2023-03-01T08:15:00.000Z,0
CVE-2023-20014,https://securityvulnerability.io/vulnerability/CVE-2023-20014,Denial of Service Vulnerability in Cisco Nexus Dashboard Software,"A vulnerability exists in the DNS functionality of Cisco Nexus Dashboard Software that could be exploited by an unauthenticated remote attacker. The issue arises from improper processing of DNS requests, enabling an attacker to send a continuous stream of DNS queries to the affected device. This exploitation could lead to a disruption of the coredns service, either causing it to stop functioning or forcing the device to reboot, resulting in a Denial of Service condition.",Cisco,Cisco Nexus Dashboard,7.5,HIGH,0.0013699999544769526,false,,false,false,false,,,false,false,,2023-03-01T08:15:00.000Z,0
CVE-2022-20906,https://securityvulnerability.io/vulnerability/CVE-2022-20906,Cisco Nexus Dashboard Privilege Escalation Vulnerabilities,"Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.",Cisco,Cisco Nexus Dashboard,6,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T03:15:46.000Z,,false,false,,2022-07-22T04:15:00.000Z,0
CVE-2022-20909,https://securityvulnerability.io/vulnerability/CVE-2022-20909,Cisco Nexus Dashboard Privilege Escalation Vulnerabilities,"Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.",Cisco,Cisco Nexus Dashboard,6,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T03:15:46.000Z,,false,false,,2022-07-22T04:15:00.000Z,0
CVE-2022-20908,https://securityvulnerability.io/vulnerability/CVE-2022-20908,Cisco Nexus Dashboard Privilege Escalation Vulnerabilities,"Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.",Cisco,Cisco Nexus Dashboard,6,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T03:15:46.000Z,,false,false,,2022-07-22T04:15:00.000Z,0
CVE-2022-20913,https://securityvulnerability.io/vulnerability/CVE-2022-20913,Cisco Nexus Dashboard Arbitrary File Write Vulnerability,"A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.",Cisco,Cisco Nexus Dashboard,4.9,MEDIUM,0.0011399999493733048,false,,false,false,true,2024-08-03T03:15:47.000Z,,false,false,,2022-07-22T04:15:00.000Z,0
CVE-2022-20861,https://securityvulnerability.io/vulnerability/CVE-2022-20861,Cisco Nexus Dashboard Unauthorized Access Vulnerabilities,"Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Nexus Dashboard,9.8,CRITICAL,0.004040000028908253,false,,false,false,true,2024-08-03T03:15:44.000Z,,false,false,,2022-07-21T04:15:00.000Z,0
CVE-2022-20860,https://securityvulnerability.io/vulnerability/CVE-2022-20860,Cisco Nexus Dashboard SSL Certificate Validation Vulnerability,"A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers.",Cisco,Cisco Nexus Dashboard,7.4,HIGH,0.0013200000394135714,false,,false,false,true,2024-08-03T03:15:44.000Z,,false,false,,2022-07-21T04:15:00.000Z,0
CVE-2022-20857,https://securityvulnerability.io/vulnerability/CVE-2022-20857,Cisco Nexus Dashboard Unauthorized Access Vulnerabilities,"Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Nexus Dashboard,9.8,CRITICAL,0.04407000169157982,false,,false,false,true,2024-08-03T03:15:44.000Z,,false,false,,2022-07-21T04:15:00.000Z,0
CVE-2022-20858,https://securityvulnerability.io/vulnerability/CVE-2022-20858,Cisco Nexus Dashboard Unauthorized Access Vulnerabilities,"Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Nexus Dashboard,9.8,CRITICAL,0.04407000169157982,false,,false,false,true,2024-08-03T03:15:44.000Z,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-20907,https://securityvulnerability.io/vulnerability/CVE-2022-20907,Cisco Nexus Dashboard Privilege Escalation Vulnerabilities,"Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.",Cisco,Cisco Nexus Dashboard,6,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T03:15:46.000Z,,false,false,,2022-07-20T00:00:00.000Z,0