SQL Injection in Cisco NDFC REST API
CVE-2024-20536 Published on November 6, 2024

Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device. 

NVD

Vulnerability Analysis

CVE-2024-20536 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2024-20536 has been classified to as a SQL Injection vulnerability or weakness.


Products Associated with CVE-2024-20536

Want to know whenever a new CVE is published for Cisco Nexus Dashboard Fabric Controller? stack.watch will email you.

Cisco Nexus Dashboard Fabric Controller
 

Affected Versions

Cisco Data Center Network Manager: cisco data_center_network_manager: cisco data_center_network_manager: cisco data_center_network_manager:

Exploit Probability

EPSS
1.86%
Percentile
82.85%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.