PT-2024-3859 · Cisco · Cisco Nexus Dashboard

Cooper Timewell · Published 2024-04-03 · Updated 2024-04-03 · CVE-2024-20283

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Nexus Dashboard (affected versions not specified)

Description

The issue is related to insufficient access controls on a specific API endpoint, allowing a remote attacker to gain unauthorized access to protected information by sending specially crafted requests. This could enable an attacker to access metrics and information about devices in the Nexus Dashboard cluster. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Cisco Nexus Dashboard, consider restricting access to the vulnerable API endpoint until a patch is available. As a temporary workaround, avoid using the vulnerable API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2024-04257
CVE-2024-20283

Affected Products

Cisco Nexus Dashboard