CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20536

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device. 

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.9%

CVSS Severity

CVSS v3 Score 8.8

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL

Products affected by CVE-2024-20536

Cisco » Nexus Dashboard Fabric Controller » Version: 12.1.2

cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.2
Cisco » Nexus Dashboard Fabric Controller » Version: 12.1.3

cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20536

Products

Pricing

Contact Us