CVE-2024-20348 - Vulnerability Details - OpenCVE

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Nexus Dashboard Fabric Controller

Configuration 1 [-]

OR	cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.3:::::::*
	cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.3b:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw

History

Wed, 07 May 2025 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco nexus Dashboard Fabric Controller
Weaknesses		CWE-22
CPEs		cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.3:::::::* cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.3b:::::::*
Vendors & Products		Cisco Cisco nexus Dashboard Fabric Controller

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-04-03T16:25:38.367Z

Updated: 2024-08-01T21:59:41.558Z

Reserved: 2023-11-08T15:08:07.646Z

Link: CVE-2024-20348

Vulnrichment

Updated: 2024-08-01T21:59:41.558Z

NVD

Status : Analyzed

Published: 2024-04-03T17:15:49.310

Modified: 2025-05-07T16:08:57.033

Link: CVE-2024-20348

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20348", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.646Z", "datePublished": "2024-04-03T16:25:38.367Z", "dateUpdated": "2024-08-01T21:59:41.558Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-04-03T16:25:38.367Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files.\r\n\r This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure."}], "affected": [{"vendor": "Cisco", "product": "Cisco Data Center Network Manager", "versions": [{"version": "12.1.3b", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Path Traversal", "type": "cwe", "cweId": "CWE-27"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw", "name": "cisco-sa-ndfc-dir-trav-SSn3AYDw"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ndfc-dir-trav-SSn3AYDw", "discovery": "INTERNAL", "defects": ["CSCwi75139"]}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20348", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T18:12:01.478507Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:40:12.463Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:41.558Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw", "name": "cisco-sa-ndfc-dir-trav-SSn3AYDw", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw", "name": "cisco-sa-ndfc-dir-trav-SSn3AYDw", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:41.558Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20348", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T18:12:01.478507Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:21.723Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"defects": ["CSCwi75139"], "advisory": "cisco-sa-ndfc-dir-trav-SSn3AYDw", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Data Center Network Manager", "versions": [{"status": "affected", "version": "12.1.3b"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw", "name": "cisco-sa-ndfc-dir-trav-SSn3AYDw"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files.\r\n\r This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-27", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-04-03T16:25:38.367Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20348", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:59:41.558Z", "dateReserved": "2023-11-08T15:08:07.646Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-04-03T16:25:38.367Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "51EE96E1-D7D3-4C58-AAA3-7A2C29B4F283", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.3b:*:*:*:*:*:*:*", "matchCriteriaId": "CE6758BE-3518-42AF-8355-041879D1AD17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files.\r\n\r This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure."}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n Plug and Play (PnP) fuera de banda (OOB) de Cisco Nexus Dashboard Fabric Controller (NDFC) podr\u00eda permitir que un atacante remoto no autenticado lea archivos arbitrarios. Esta vulnerabilidad se debe a un servidor web de aprovisionamiento no autenticado. Un atacante podr\u00eda aprovechar esta vulnerabilidad mediante solicitudes web directas al servidor de aprovisionamiento. Un exploit exitoso podr\u00eda permitir al atacante leer archivos confidenciales en el contenedor PnP, lo que podr\u00eda facilitar futuros ataques a la infraestructura PnP."}], "id": "CVE-2024-20348", "lastModified": "2025-05-07T16:08:57.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-04-03T17:15:49.310", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-27"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Primary"}]}