Cisco Nexus Dashboard Vulnerability Lets Attackers Read Arbitrary Files
Cisco Nexus Dashboard Fabric Controller (NDFC) is a network management platform for NX-OS-enabled devices. It allows data center operations teams to perform deep-dive troubleshooting and maintenance operations.
A new vulnerability has been discovered in the Cisco Nexus Dashboard Fabric Controller, in its Out-of-Band (OOB) Plug and Play (PnP) feature.
This vulnerability allows an unauthenticated, remote attacker to read arbitrary files on affected devices.
Cisco has patched this vulnerability and released a security advisory to address it. The vulnerability has been assigned CVE-2024-20348 and a CVSS severity score of 7.5 (High).
Vulnerability Analysis – CVE-2024-20348
According to the reports shared with Cyber Security News, this vulnerability exists because of an unauthenticated provisioning web server, which an attacker can exploit by sending direct web requests to that server.
If exploitation is successful, the attacker can read sensitive files in the PnP container, which could be used to facilitate further attacks on the PnP infrastructure. Cisco has stated that there are no workarounds that mitigate this vulnerability.
Products affected by this vulnerability include NDFC Release 12.1.3b with a default configuration.
The Cisco Nexus Dashboard hosting NDFC is deployed as a cluster that connects each service node to the data and management networks.
However, the scope of this vulnerability is limited to the data network interfaces and does not affect the management interfaces. Furthermore, there is no evidence that threat actors are exploiting this vulnerability in the wild.
Fixed Releases
Cisco NDFC Release | First Fixed Release |
12.1.2 and earlier | Not vulnerable. |
12.1.3 | Migrate to a fixed release. |
12.2.11 | Not vulnerable. |
Users of the Cisco Nexus Dashboard Fabric Controller are advised to upgrade to a fixed release to prevent threat actors from exploiting this vulnerability.
Source credit : cybersecuritynews.com