CVE-2024-20283

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2	Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*

History

07 May 2025, 16:06

Type	Values Removed	Values Added
CPE		cpe:2.3:a:cisco:nexus_dashboard::::::::
CWE		NVD-CWE-noinfo
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2 -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2 - Vendor Advisory
First Time		Cisco Cisco nexus Dashboard

21 Nov 2024, 08:52

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en Cisco Nexus Dashboard podría permitir que un atacante remoto autenticado obtenga información de implementación del clúster en un dispositivo afectado. Esta vulnerabilidad se debe a controles de acceso inadecuados en un endpoint API específico. Un atacante podría aprovechar esta vulnerabilidad enviando consultas al endpoint de la API. Un exploit exitoso podría permitir a un atacante acceder a métricas e información sobre dispositivos en el clúster Nexus Dashboard.
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2 -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2 -

03 Apr 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-03 17:15

Updated : 2025-05-07 16:06

NVD link : CVE-2024-20283

Mitre link : CVE-2024-20283

CVE.ORG link : CVE-2024-20283

JSON object : View

Products Affected

cisco

nexus_dashboard

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

4.3 /10