📦 Nexus Dashboard

CVE-2022-20857 is a critical vulnerability in Cisco Nexus Dashboard that allows unauthenticated remote attackers to execute arbitrary commands, read/upload container images, or perform CSRF attacks. T...

CVE-2022-20861 allows unauthenticated remote attackers to execute arbitrary commands, read/upload container images, or perform CSRF attacks on Cisco Nexus Dashboard. Organizations using affected Cisco...

CVE-2021-44228 (Log4Shell) is a critical remote code execution vulnerability in Apache Log4j2 that allows attackers to execute arbitrary code by exploiting JNDI lookups in log messages. This affects a...

This vulnerability allows unauthenticated remote attackers to impersonate Cisco NDFC-managed devices via SSH man-in-the-middle attacks due to insufficient host key validation. Attackers could intercep...

An unauthenticated remote attacker can cause denial of service on Cisco Nexus Dashboard by sending continuous DNS requests. This vulnerability affects the coredns service and can cause service disrupt...

This vulnerability allows an unauthenticated remote attacker to perform man-in-the-middle attacks on SSL/TLS connections between Cisco Nexus Dashboard and its controllers, potentially altering communi...

This vulnerability allows authenticated low-privileged attackers to bypass authorization controls on REST API endpoints in Cisco Nexus Dashboard and NDFC. Attackers can view sensitive configuration da...

This vulnerability allows authenticated administrators to exploit path traversal via crafted backup files in Cisco Nexus Dashboard, potentially gaining root shell access. It affects Cisco Nexus Dashbo...

This vulnerability allows authenticated low-privileged attackers to bypass authorization controls on REST API endpoints in Cisco Nexus Dashboard and NDFC. Attackers can view sensitive configuration da...

An unauthenticated remote attacker can enumerate valid LDAP usernames on vulnerable Cisco Nexus Dashboard systems by sending authentication requests. This affects organizations using Cisco Nexus Dashb...

This vulnerability allows authenticated low-privileged attackers to upload or delete files on Cisco NDFC devices via a specific REST API endpoint with missing authorization controls. Only systems runn...

This vulnerability allows authenticated low-privileged attackers to access sensitive configuration information through a specific REST API endpoint in Cisco NDFC. Attackers can download configuration ...