CVE-2024-20441— Cisco Nexus Dashboard 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2024-20441の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to download config only or full backup files and learn sensitive configuration information. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
授权机制不恰当
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Cisco Nexus Dashboard 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Cisco Nexus Dashboard是美国思科(Cisco)公司的一个单一控制台。能够简化数据中心网络的运营和管理。 Cisco Nexus Dashboard存在安全漏洞,该漏洞源于受影响的 REST API 端点上的授权控制不足。允许经过身份验证的低权限远程攻击者在受影响的设备上执行有限的网络管理功能。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Cisco | Cisco Data Center Network Manager | 12.1(1) | - |
II. CVE-2024-20441の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2024-20441のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Cisco · 2024-10-02 · 32 CVEs total
| CVE-2024-20432 | 9.9 CRITICAL | Cisco Nexus Dashboard Fabric Controller Web UI Command Injection Vulnerability |
| CVE-2024-20393 | 8.8 HIGH | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation V |
| CVE-2024-20449 | 8.8 HIGH | Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability |
| CVE-2024-20501 | 8.6 HIGH | Cisco AnyConnect VPN 安全漏洞 |
| CVE-2024-20499 | 8.6 HIGH | Cisco Meraki Z Series Teleworker Gateway和Cisco Meraki MX 安全漏洞 |
| CVE-2024-20498 | 8.6 HIGH | Cisco Meraki Z Series Teleworker Gateway和Cisco Meraki MX 安全漏洞 |
| CVE-2024-20524 | 6.8 MEDIUM | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
| CVE-2024-20523 | 6.8 MEDIUM | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
| CVE-2024-20516 | 6.8 MEDIUM | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
| CVE-2024-20517 | 6.8 MEDIUM | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
| CVE-2024-20365 | 6.5 MEDIUM | Cisco Integrated Management Controller Redfish Command Injection Vulnerability |
| CVE-2024-20515 | 6.5 MEDIUM | Cisco Identity Services Engine Information Disclosure Vulnerability |
| CVE-2024-20518 | 6.5 MEDIUM | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilit |
| CVE-2024-20520 | 6.5 MEDIUM | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilit |
| CVE-2024-20521 | 6.5 MEDIUM | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilit |
| CVE-2024-20522 | 6.5 MEDIUM | Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities |
| CVE-2024-20519 | 6.5 MEDIUM | Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilit |
| CVE-2024-20491 | 6.3 MEDIUM | Cisco Nexus Dashboard Insights Information Disclosure Vulnerability |
| CVE-2024-20490 | 6.3 MEDIUM | Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Discl |
| CVE-2024-20448 | 6.3 MEDIUM | Cisco Nexus Dashboard Fabric Controller Credential Information Disclosure Vulnerability |
Showing 20 of 32 CVEs. View all on vendor page →
IV. 関連脆弱性
- CVE-2025-20347
Cisco Nexus Dashboard Fabric Controller Unauthorized REST AP - CVE-2025-20163
Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnera - CVE-2020-3538
Cisco Data Center Network Manager Path Traversal Vulnerabil - CVE-2020-3539
Cisco Data Center Network Manager Authorization Bypass Vulne - CVE-2024-20536
Cisco Nexus Dashboard Fabric Controller SQL Injection Vulner
同じベンダー: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
同じ弱点: CWE-285
- CVE-2026-8241
Industrial Application Software IAS Canias ERP RMI iasGetSer - CVE-2026-42202
nova-toggle-5: Improper authorization on toggle endpoint all - CVE-2026-33823
Microsoft Team Events Portal Information Disclosure Vulnerab - CVE-2026-41572
Note Mark: Unauthenticated read of notes and assets in soft- - CVE-2026-7713
crocodilestick Calibre-Web-Automated Kobo auth-token Route k
V. CVE-2024-20441へのコメント
まだコメントはありません