Cisco Nexus Dashboard Insights
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Cisco Nexus Dashboard Insights.
Recent Cisco Nexus Dashboard Insights Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-04-01 | Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability | April 1, 2026 |
| 2026-04-01 | Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability | April 1, 2026 |
By the Year
In 2026 there have been 2 vulnerabilities in Cisco Nexus Dashboard Insights with an average score of 5.5 out of ten. Nexus Dashboard Insights did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 5.50 |
| 2025 | 0 | 0.00 |
| 2024 | 3 | 8.67 |
It may take a day or so for new Nexus Dashboard Insights vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cisco Nexus Dashboard Insights Security Vulnerabilities
Auth RCE via Metadata Update in Cisco Nexus Dashboard Insights
CVE-2026-20174
4.9 - Medium
- April 01, 2026
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments.
Directory traversal
Cisco Nexus Dashboard SSRF via HTTP input validation
CVE-2026-20041
6.1 - Medium
- April 01, 2026
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
SSRF
Cisco Nexus Dashboard Insights: Log Exposes Remote Controller Creds
CVE-2024-20491
8.6 - High
- October 02, 2024
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
Insertion of Sensitive Information into Log File
Cisco NDFC/NDO: Log Leak Exposes HTTP Proxy Credentials
CVE-2024-20490
8.6 - High
- October 02, 2024
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
Insertion of Sensitive Information into Log File
Cisco Nexus Dashboard CSRF in Web-UI Enables Privileged Account Creation
CVE-2024-20281
8.8 - High
- April 03, 2024
A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Cisco Nexus Dashboard Insights or by Cisco? Click the Watch button to subscribe.
