Cisco Nexus Dashboard Fabric Controller Vulnerability Could Lead to Sensitive Information Disclosure
CVE-2024-20448

8.6 HIGH

Key Information:

Vendor: Cisco
CVE Published: 2 October 2024

Summary

A vulnerability exists in the Cisco Nexus Dashboard Fabric Controller (NDFC) software due to the improper storage of sensitive information within backup files. Backup files generated from affected devices (both config-only and full backups) may inadvertently expose critical data. An attacker with access to these backup files could parse their contents to retrieve sensitive information, including device credentials linked to the NDFC, the private key for the NDFC site manager, and the encryption key for scheduled backup files. This vulnerability emphasizes the importance of secure data handling and proper security measures in protecting sensitive information.

Affected Version(s)

Cisco Data Center Network Manager 11.2(1)

Cisco Data Center Network Manager 7.0(2)

Cisco Data Center Network Manager 10.3(2)IPFM

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
