Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities
TL;DR 📌
Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller have vulnerabilities in their REST API that could allow low-privileged authenticated attackers to access sensitive information or modify files. The highest CVSS score is 5.4 (Medium severity). No workarounds are available, and updates are necessary to mitigate the risks.
What happened 🕵️♂️
Multiple vulnerabilities have been identified in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC). These vulnerabilities arise from missing authorization controls, enabling low-privileged authenticated attackers to potentially view sensitive information or perform limited administrative functions, such as uploading images or accessing configuration details. Exploitation requires sending crafted API requests to affected endpoints.
Affected products 🖥️
- Cisco Nexus Dashboard
- Cisco Nexus Dashboard Fabric Controller (NDFC)
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 3.2 and earlier | Migrate to a fixed release. | |
| 4.1 | 4.1(1g) | |
| 1.0 | Initial public release. | |
| Cisco Nexus Dashboard | 4.1(1g) | 3.2 and earlier |
Workarounds 🧯
There are no workarounds that address these vulnerabilities.
Risk in context 🎯
The vulnerabilities are rated as Medium severity (CVSS 5.4). They require authenticated access, which limits the potential attack surface but still poses a risk if low-privileged accounts are compromised. The lack of workarounds means that remediation through software updates is essential.
Fast facts ⚡
- Vulnerabilities: CVE-2025-20347, CVE-2025-20348
- Highest CVSS score: 5.4 (Medium)
- Exploitation requires authenticated access
- No known public exploitation at this time
For leadership 🧭
The identified vulnerabilities in Cisco Nexus Dashboard and NDFC present a Medium risk to our operations. While they require authenticated access, the potential for sensitive information exposure and limited administrative actions is concerning. Remediation is necessary, with a recommended timeframe to patch within 7 days due to the absence of workarounds.
- Clear Now: Assess and prioritize patching of affected systems.
- Next: Migrate to the fixed software versions as outlined.
- Later: Monitor for any public announcements regarding exploitation.
Operational impact is expected to be minimal, with a brief maintenance window required for the updates, ensuring no configuration drift occurs.