Cisco Nexus Dashboard Insights Vulnerability: Remote Controller Credentials at Risk
CVE-2024-20491

8.6 HIGH

Key Information:

Vendor: Cisco
CVE Published: 2 October 2024

Summary

A vulnerability exists in Cisco Nexus Dashboard Insights, where sensitive information can be exposed due to a flaw in its logging function. Specifically, remote controller credentials are inadvertently recorded in an internal log that is included in tech support files. If an unauthorized individual gains access to one of these tech support files, they may be able to retrieve sensitive credentials stored in clear text. Organizations are strongly advised to implement best practices for handling debug logs and tech support files with the utmost care, ensuring they are shared only with trusted parties to mitigate potential risks.

Affected Version(s)

Cisco Nexus Dashboard Insights 2.2.2.125

Cisco Nexus Dashboard Insights 2.2.2.126

Cisco Nexus Dashboard Insights 5.0.1.150

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
