Cisco Nexus Dashboard Flaw Let Attackers Read Arbitrary Files

Cisco Nexus Dashboard Fabric Controller is a network management platform for all NX-OS-enabled devices. It enables data center operation teams to perform deep-dive troubleshooting and maintenance operations. 

A new vulnerability has been discovered in the Cisco Nexus Dashboard Fabric Controller, which was associated with the Out-of-band (OOB) Plug and Play (PnP) feature.

This vulnerability allows an unauthenticated remote threat actor to read arbitrary files on the affected devices.

However, Cisco has patched this vulnerability and released a security advisory to address it. This vulnerability has been assigned CVE-2024-20348, and the severity has been given as 7.5 (High).

Vulnerability Analysis – CVE-2024-20348

According to the reports shared with Cyber Security News, this vulnerability exists due to an unauthenticated provisioning web server, which a threat actor can exploit by sending direct web requests to the server.

Document
Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

If the exploitation is successful, the threat actor can read sensitive files in the PnP container, which can be used to escalate harmful attacks on the PnP infrastructure. Cisco has stated that there are no workarounds for mitigating this vulnerability.

Products affected by this vulnerability include NDFC Release 12.1.3b with a default configuration.

In fact, the Cisco Nexus Dashboard hosting this NDFC is deployed as a cluster that connects each service node to the data and management networks. 

Nevertheless, the scope of this vulnerability is limited to data network interfaces and does not impact the management interfaces. Moreover, there has been no evidence of threat actors exploiting this vulnerability in the wild.

Fixed In Release

Cisco NDFC ReleaseFirst Fixed Release
12.1.2 and earlierNot vulnerable.
12.1.3Migrate to a fixed release.
12.2.11Not vulnerable.

It is recommended that users of the Cisco Nexus Dashboard upgrade to the latest version to prevent threat actors from exploiting this vulnerability.

Secure your emails in a heartbeat! Take Trustifi free 30-second assessment and get matched with your ideal email security vendor - Try Here
Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.