Cisco Nexus Dashboard Insights: Log Exposes Remote Controller Creds
CVE-2024-20491 Published on October 2, 2024
Cisco Nexus Dashboard Insights Information Disclosure Vulnerability
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information.
This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text.
Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
Vulnerability Analysis
CVE-2024-20491 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. An exploit is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2024-20491 has been classified as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2024-20491
Affected Versions
Cisco Nexus Dashboard Insights:
- Version 2.2.2.125 is affected.
- Version 2.2.2.126 is affected.
- Version 5.0.1.150 is affected.
- Version 5.0.1.154 is affected.
- Version 5.1.0.131 is affected.
- Version 5.1.0.135 is affected.
- Version 6.0.1 is affected.
- Version 6.0.2 is affected.
- Version 6.1.1 is affected.
- Version 6.1.2 is affected.
- Version 6.1.3 is affected.
- Version 6.2.1 is affected.
- Version 6.2.2 is affected.
- Version 6.3.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.