PT-2024-2563 · Cisco · Cisco Nexus Dashboard Fabric Controller

Published: 2024-04-03 · Updated: 2024-04-03 · CVE-2024-20348

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Cisco Nexus Dashboard Fabric Controller (NDFC) (affected versions not specified)

Description

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This issue is due to an unauthenticated provisioning web server and incorrect restriction of the directory path name, allowing an attacker to exploit the vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container, potentially facilitating further attacks on the PnP infrastructure.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2024-02601
CVE-2024-20348

Affected Products

Cisco Nexus Dashboard Fabric Controller