Cisco Nexus Dashboard Authenticated API Flaw Reveals Cluster Info
CVE-2024-20283 Published on April 3, 2024
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster.
Vulnerability Analysis
CVE-2024-20283 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have a small impact on confidentiality and a small impact on integrity and availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2024-20283 has been classified as an Authorization vulnerability or weakness.
Products Associated with CVE-2024-20283
Affected Versions
Cisco Nexus Dashboard:
- Version 1.1(0c) is affected.
- Version 1.1(0d) is affected.
- Version 1.1(2h) is affected.
- Version 1.1(2i) is affected.
- Version 1.1(3c) is affected.
- Version 1.1(3d) is affected.
- Version 1.1(3e) is affected.
- Version 1.1(3f) is affected.
- Version 2.0(1b) is affected.
- Version 2.0(1d) is affected.
- Version 2.0(2g) is affected.
- Version 2.0(2h) is affected.
- Version 2.1(1d) is affected.
- Version 2.1(1e) is affected.
- Version 2.1(2d) is affected.
- Version 2.1(2f) is affected.
- Version 2.2(1e) is affected.
- Version 2.2(1h) is affected.
- Version 2.2(2d) is affected.
- Version 2.3(1c) is affected.
- Version 2.3(2b) is affected.
- Version 2.3(2c) is affected.
- Version 2.3(2d) is affected.
- Version 2.3(2e) is affected.
- Version 3.0(1f) is affected.
- Version 3.0(1i) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.