Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2024-20281

Disclosure Date: April 03, 2024
CVE-2024-20281
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.

Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Cisco Data Center Network Manager 12.1(1)
Cisco Data Center Network Manager 12.1.1e
Cisco Data Center Network Manager 12.1.2e
Cisco Data Center Network Manager 12.1.3b
Cisco Data Center Network Manager 12.0.1a
Cisco Data Center Network Manager 12.0.2d
Cisco Data Center Network Manager 12.0.2f
Cisco Nexus Dashboard 1.1(0c)
Cisco Nexus Dashboard 1.1(0d)
Cisco Nexus Dashboard 1.1(2h)
Cisco Nexus Dashboard 1.1(2i)
Cisco Nexus Dashboard 1.1(3c)
Cisco Nexus Dashboard 1.1(3d)
Cisco Nexus Dashboard 1.1(3e)
Cisco Nexus Dashboard 1.1(3f)
Cisco Nexus Dashboard 2.0(1b)
Cisco Nexus Dashboard 2.0(1d)
Cisco Nexus Dashboard 2.0(2g)
Cisco Nexus Dashboard 2.0(2h)
Cisco Nexus Dashboard 2.1(1d)
Cisco Nexus Dashboard 2.1(1e)
Cisco Nexus Dashboard 2.1(2d)
Cisco Nexus Dashboard 2.1(2f)
Cisco Nexus Dashboard 2.2(1e)
Cisco Nexus Dashboard 2.2(1h)
Cisco Nexus Dashboard 2.2(2d)
Cisco Nexus Dashboard 2.3(1c)
Cisco Nexus Dashboard 2.3(2b)
Cisco Nexus Dashboard 2.3(2c)
Cisco Nexus Dashboard 2.3(2d)
Cisco Nexus Dashboard 2.3(2e)
Cisco Nexus Dashboard 3.0(1f)
Cisco Nexus Dashboard Orchestrator N/A
Cisco Nexus Dashboard Insights 2.2.2.125
Cisco Nexus Dashboard Insights 2.2.2.126
Cisco Nexus Dashboard Insights 5.0.1.150
Cisco Nexus Dashboard Insights 5.0.1.154
Cisco Nexus Dashboard Insights 5.1.0.131
Cisco Nexus Dashboard Insights 5.1.0.135
Cisco Nexus Dashboard Insights 6.0.1
Cisco Nexus Dashboard Insights 6.0.2
Cisco Nexus Dashboard Insights 6.1.1
Cisco Nexus Dashboard Insights 6.1.2
Cisco Nexus Dashboard Insights 6.1.3
Cisco Nexus Dashboard Insights 6.3.1
Cisco Nexus Dashboard Insights 6.2.1
Cisco Nexus Dashboard Insights 6.2.2
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis