CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-20348

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.8%

CVSS Severity

CVSS v3 Score 7.5

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw

Products affected by CVE-2024-20348

Cisco » Nexus Dashboard Fabric Controller » Version: 12.1.3

cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.3
Cisco » Nexus Dashboard Fabric Controller » Version: 12.1.3b

cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.3b

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20348

Products

Pricing

Contact Us