Cisco Nexus Dashboard Fabric Controller is a network management platform for all NX-OS-enabled devices. It enables data center operation teams to perform deep-dive troubleshooting and maintenance operations.
A new vulnerability has been discovered in the Cisco Nexus Dashboard Fabric Controller, which was associated with the Out-of-band (OOB) Plug and Play (PnP) feature.
This vulnerability allows an unauthenticated remote threat actor to read arbitrary files on the affected devices.
However, Cisco has patched this vulnerability and released a security advisory to address it. This vulnerability has been assigned CVE-2024-20348, and the severity has been given as 7.5 (High).
Vulnerability Analysis – CVE-2024-20348
According to the reports shared with Cyber Security News, this vulnerability exists due to an unauthenticated provisioning web server, which a threat actor can exploit by sending direct web requests to the server.
If the exploitation is successful, the threat actor can read sensitive files in the PnP container, which can be used to escalate harmful attacks on the PnP infrastructure. Cisco has stated that there are no workarounds for mitigating this vulnerability.
Products affected by this vulnerability include NDFC Release 12.1.3b with a default configuration.
In fact, the Cisco Nexus Dashboard hosting this NDFC is deployed as a cluster that connects each service node to the data and management networks.
Nevertheless, the scope of this vulnerability is limited to data network interfaces and does not impact the management interfaces. Moreover, there has been no evidence of threat actors exploiting this vulnerability in the wild.
Fixed In Release
| Cisco NDFC Release | First Fixed Release |
| 12.1.2 and earlier | Not vulnerable. |
| 12.1.3 | Migrate to a fixed release. |
| 12.2.11 | Not vulnerable. |
It is recommended that users of the Cisco Nexus Dashboard upgrade to the latest version to prevent threat actors from exploiting this vulnerability.
