CVE-2024-20490
Published: Oct 2, 2024
Modified: Oct 2, 2024
CVSS v3.1
6.3
Description
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Data Center Network Manager | affected: 12.1.1e, 12.1.1p, 12.1.2e, 12.1.2p, 12.1.3b (+2 more versions) |
| Cisco | Cisco Nexus Dashboard Orchestrator | affected: 1.0(1i), 1.0(2b), 3.7(1d), 3.7(1g), 3.7(1h) (+20 more versions) |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
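Attack Vector: Local (AV:L)
Attack Complexity: Low (AC:L)
Privileges Required: None (PR:N)
User Interaction: Required (UI:R)
Scope: Changed (S:C)
Confidentiality: High (C:H)
Integrity: None (I:N)
Availability: None (A:N)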
References