CVE-2024-20477

Name of the Vulnerable Software and Affected Versions Cisco NDFC (affected versions not specified)

Description A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This issue exists due to missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint, potentially allowing them to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.