Cisco Nexus Dashboard SSRF Vulnerability Summary

Cisco Nexus Dashboard SSRF Vulnerability Summary Vulnerability Overview Vulnerability Name: Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability Vulnerability Type: Server-Side Request Forgery (SSRF) Severity: Medium CVSS Score: Base 5.1 Description: This vulnerability is caused by improper input validation in specific HTTP requests. An attacker can induce an authenticated user to click on a malicious link to exploit this vulnerability, causing the affected device to send arbitrary network requests to a server controlled by the attacker. Successful exploitation may allow the attacker to execute arbitrary script code or access sensitive browser information. Workarounds: None available Affected Products Affected devices include those running affected versions of Cisco Nexus Dashboard or Nexus Dashboard Insights, regardless of device configuration. Affected Products: Cisco Nexus Dashboard Insights Release: 6.5 and earlier Cisco Nexus Dashboard Release: 3.2 and earlier Cisco Nexus Dashboard Release: 4.1 (requires migration to a fixed release) Unaffected Products (Confirmed Not Vulnerable): Nexus Dashboard Fabric Controller (NDFC) Nexus Dashboard Orchestrator (NDO) Remediation Cisco strongly recommends that customers upgrade to the fixed software versions specified in the advisory. Cisco Nexus Dashboard Insights Release: Migrate to a fixed Nexus Dashboard release. Cisco Nexus Dashboard Release: 3.2 and earlier: Migrate to a fixed release. 4.1: Migrate to a fixed release. 4.2: Not vulnerable. Note: Starting with Nexus Dashboard Release 3.1(1k), the unified software image includes Nexus Dashboard Insights. Nexus Dashboard Insights 6.4 and later are provided only as part of Nexus Dashboard. Upgrading to a fixed Nexus Dashboard image will also upgrade Nexus Dashboard Insights to a fixed version. POC / Exploit Code No specific POC or exploit code is included in the advisory.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco Nexus Dashboard SSRF Vulnerability Summary