Cisco Nexus Dashboard Fabric Controller Vulnerability Could Allow Arbitrary SQL Commands

CVE-2024-20536

8.8HIGH

Key Information

Vendor
Cisco
Status
Cisco Data Center Network Manager
Vendor
CVE Published:
6 November 2024

Badges

๐Ÿ‘พ Exploit Exists

Summary

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device.ย 

Affected Version(s)

Cisco Data Center Network Manager = 12.1.2e

Cisco Data Center Network Manager = 12.1.2p

Cisco Data Center Network Manager = 12.1.3b

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.