A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Aug 2025 00:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco nexus Dashboard Fabric Controller
|
|
CPEs | cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:12.1.3:*:*:*:*:*:*:* |
|
Vendors & Products |
Cisco nexus Dashboard Fabric Controller
|
Sat, 12 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Wed, 06 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco
Cisco data Center Network Manager |
|
CPEs | cpe:2.3:a:cisco:data_center_network_manager:12.1.2e:*:*:*:*:*:*:* cpe:2.3:a:cisco:data_center_network_manager:12.1.2p:*:*:*:*:*:*:* cpe:2.3:a:cisco:data_center_network_manager:12.1.3b:*:*:*:*:*:*:* |
|
Vendors & Products |
Cisco
Cisco data Center Network Manager |
|
Metrics |
ssvc
|
Wed, 06 Nov 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device. | |
Title | Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability | |
Weaknesses | CWE-89 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: cisco
Published:
Updated: 2024-11-09T04:55:53.544Z
Reserved: 2023-11-08T15:08:07.693Z
Link: CVE-2024-20536

Updated: 2024-11-06T17:18:02.652Z

Status : Analyzed
Published: 2024-11-06T17:15:19.140
Modified: 2025-08-07T00:23:00.243
Link: CVE-2024-20536

No data.

No data.