CVE-2024-20385

Name of the Vulnerable Software and Affected Versions Cisco Nexus Dashboard Orchestrator (NDO) (affected versions not specified)

Description A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This issue exists because the Cisco NDO Validate Peer Certificate site management feature only validates certificates for certain devices when a new site is added or an existing one is reregistered. An attacker could exploit this by using machine-in-the-middle techniques to intercept traffic and then using a crafted certificate to impersonate the affected device, potentially allowing the attacker to learn sensitive information during communications between devices.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.