CVE-2024-20385: Cisco Nexus Dashboard Orchestrator SSL Certificate Validation Vulnerability
First published: Wed Oct 02 2024(Updated: )
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered. An attacker could exploit this vulnerability by using machine-in-the-middle techniques to intercept the traffic between the affected device and Cisco NDO and then using a crafted certificate to impersonate the affected device. A successful exploit could allow the attacker to learn sensitive information during communications between these devices.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Nexus Dashboard Orchestrator | <4.2\(3o\) | |
| Cisco Nexus Dashboard Orchestrator | >=4.3.0<4.4\(1.1009\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20385?
The severity of CVE-2024-20385 is high, as it allows unauthenticated remote attackers to intercept sensitive information.
How do I fix CVE-2024-20385?
To fix CVE-2024-20385, users should apply the recommended patches and updates provided by Cisco for affected versions of Nexus Dashboard Orchestrator.
Which versions of Cisco Nexus Dashboard Orchestrator are affected by CVE-2024-20385?
CVE-2024-20385 affects Cisco Nexus Dashboard Orchestrator versions prior to 4.2(3o) and versions from 4.3.0 up to but not including 4.4(1.1009).
What could an attacker achieve by exploiting CVE-2024-20385?
An attacker exploiting CVE-2024-20385 could intercept sensitive information transmitted over SSL/TLS connections.
Is authentication required to exploit CVE-2024-20385?
No, CVE-2024-20385 can be exploited by unauthenticated users, making it especially critical for remediation.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco nexus dashboard orchestrator
- version/cisco nexus dashboard orchestrator/4.3.0