CVE-2024-20281
Published: Apr 3, 2024
Modified: Aug 1, 2024
CVSS v3.1
7.5
Description
A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability.
| Vendor | Product | Versions |
|---|---|---|
Cisco | Cisco Data Center Network Manager | affected 12.1(1)affected 12.1.1eaffected 12.1.2eaffected 12.1.3baffected 12.0.1a+2 more versions |
Cisco | Cisco Nexus Dashboard | affected 1.1(0c)affected 1.1(0d)affected 1.1(2h)affected 1.1(2i)affected 1.1(3c)+20 more versions |
Cisco | Cisco Nexus Dashboard Orchestrator | affected N/A |
Cisco | Cisco Nexus Dashboard Insights | affected 2.2.2.125affected 2.2.2.126affected 5.0.1.150affected 5.0.1.154affected 5.1.0.131+9 more versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now