🚨 SEVERITY: MEDIUM — CVSS 5.4 Security Advisory

TL;DR 📌

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller have vulnerabilities in their REST API that could allow low-privileged authenticated attackers to access sensitive information or modify files. The highest CVSS score is 5.4 (Medium severity). No workarounds are available, and updates are necessary to mitigate the risks.

What happened 🕵️‍♂️

Multiple vulnerabilities have been identified in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC). These vulnerabilities arise from missing authorization controls, enabling low-privileged authenticated attackers to potentially view sensitive information or perform limited administrative functions, such as uploading images or accessing configuration details. Exploitation requires sending crafted API requests to affected endpoints.
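
The bug class described above, as an added Python sketch that is not Cisco's code and not part of the original advisory: a check that stops at authentication, next to one that authorizes each route and denies by default. The routes, role names and request shape are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical roles and route table (not Cisco's API): minimum role per endpoint.
ROLE_RANK = {"observer": 0, "operator": 1, "admin": 2}
REQUIRED_ROLE = {
    ("GET", "/api/v1/fabrics"): "observer",
    ("GET", "/api/v1/config/export"): "admin",
    ("POST", "/api/v1/images/upload"): "admin",
}

@dataclass(frozen=True)
class Request:
    method: str
    path: str
    user: Optional[str]  # None means no valid session
    role: Optional[str]

def flawed_check(req):
    """Missing authorization: any authenticated session is accepted."""
    return 200 if req.user is not None else 401

def hardened_check(req):
    """Authenticate, then authorize per route; unknown routes and roles are denied."""
    if req.user is None:
        return 401
    needed = REQUIRED_ROLE.get((req.method, req.path))
    if needed is None or req.role not in ROLE_RANK:
        return 403
    return 200 if ROLE_RANK[req.role] >= ROLE_RANK[needed] else 403

def audit(check, requests):
    """List (role, method, path) where a role below the required one gets a 200."""
    findings = []
    for r in requests:
        needed = REQUIRED_ROLE.get((r.method, r.path))
        if needed is None or r.role not in ROLE_RANK:
            continue
        if ROLE_RANK[r.role] < ROLE_RANK[needed] and check(r) == 200:
            findings.append((r.role, r.method, r.path))
    return findings

# Constructed sample requests for a regression check.
SAMPLE = [
    Request("GET", "/api/v1/fabrics", "alice", "observer"),
    Request("GET", "/api/v1/config/export", "alice", "observer"),
    Request("POST", "/api/v1/images/upload", "alice", "observer"),
    Request("POST", "/api/v1/images/upload", "root", "admin"),
]
```

Running `audit` against both checks in a test suite turns the advisory's failure mode into a regression test: the flawed check reports the two admin-only routes, the hardened one reports nothing.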