Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

证书验证不恰当

Cisco Nexus Dashboard 信任管理问题漏洞

Cisco Nexus Dashboard是美国思科（Cisco）公司的一个单一控制台。能够简化数据中心网络的运营和管理。 Cisco Nexus Dashboard存在信任管理问题漏洞，该漏洞源于加密备份文件中包含身份验证详细信息，可能导致攻击者访问敏感信息并执行任意命令。

N/A

N/A