1. Home
  2. CVE Database
  3. CVE-2024-20448
MEDIUM · 6.3

CVE-2024-20448

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitiv...

Vulnerability Description

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CiscoNexus Dashboard Fabric Controller< 12.2.2

Related Weaknesses (CWE)

CWE-313CWE-312

References

FAQ

What is CVE-2024-20448?

CVE-2024-20448 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitiv...

How severe is CVE-2024-20448?

CVE-2024-20448 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-20448?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nexus Dashboard Fabric Controller.