PT-2024-8625 · Cisco · Cisco NDFC

Published: 2024-10-02 · Updated: 2024-10-08 · CVE-2024-20441

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Cisco NDFC (affected versions not specified)

Description: A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This issue is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint, potentially allowing them to download config or full backup files and learn sensitive configuration information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Weakness Enumeration

Related Identifiers

BDU:2024-10213
CVE-2024-20441

Affected Products

Cisco NDFC