CVE-2024-20438

Name of the Vulnerable Software and Affected Versions Cisco Nexus Dashboard Fabric Controller (NDFC) versions (affected versions not specified)

Description The issue is related to a lack of authorization in the implementation of the Cisco NDFC platform's application programming interface. This could allow a remote attacker with low privileges to impact the integrity of protected information. The vulnerability exists due to missing authorization controls on some REST API endpoints, which could be exploited by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions, such as reading device configuration information, uploading files, and modifying uploaded files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.