What is the severity of CVE-2024-20438?

CVE-2024-20438 is considered a medium severity vulnerability due to its potential impact on file access through the REST API.

How do I fix CVE-2024-20438?

To mitigate CVE-2024-20438, ensure that appropriate authorization controls are implemented for the impacted REST API endpoints.

Who is affected by CVE-2024-20438?

CVE-2024-20438 affects users of Cisco Nexus Dashboard Software versions prior to 3.2(1e) and Cisco Nexus Dashboard Fabric Controller versions between 12.0.0 and 12.2.2.

What types of attacks can occur due to CVE-2024-20438?

An attacker exploiting CVE-2024-20438 could read or write files on the affected devices by leveraging unauthorized API access.

Is CVE-2024-20438 remote exploitable?

Yes, CVE-2024-20438 can be exploited by authenticated remote attackers with low privileges.

Vulnerability/
CVE-2024-20438

medium

6.3

CWE

693 862

2/10/2024

8/10/2024

CVE-2024-20438: Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability

First published: Wed Oct 02 2024(Updated: )

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Nexus Dashboard Software	<3.2\(1e\)
Cisco Nexus Dashboard Fabric Controller	>=12.0.0<12.2.2

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN

Frequently Asked Questions

What is the severity of CVE-2024-20438?
CVE-2024-20438 is considered a medium severity vulnerability due to its potential impact on file access through the REST API.
How do I fix CVE-2024-20438?
To mitigate CVE-2024-20438, ensure that appropriate authorization controls are implemented for the impacted REST API endpoints.
Who is affected by CVE-2024-20438?
CVE-2024-20438 affects users of Cisco Nexus Dashboard Software versions prior to 3.2(1e) and Cisco Nexus Dashboard Fabric Controller versions between 12.0.0 and 12.2.2.
What types of attacks can occur due to CVE-2024-20438?
An attacker exploiting CVE-2024-20438 could read or write files on the affected devices by leveraging unauthorized API access.
Is CVE-2024-20438 remote exploitable?
Yes, CVE-2024-20438 can be exploited by authenticated remote attackers with low privileges.

agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco nexus dashboard software
canonical/cisco nexus dashboard fabric controller
version/cisco nexus dashboard fabric controller/12.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.