CVE-2026-20042 - Vulnerability Details

- Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability

Description

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information.

This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.

Published: 2026-04-01

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability allows an attacker who has both the encryption password and access to backup files to decrypt the configuration backup. Once decrypted, the attacker can extract authentication credentials stored in the backup file, use them to access internal-only APIs, and ultimately execute arbitrary commands as the root user of the device.

Affected Systems

Cisco Nexus Dashboard is affected by this flaw. No specific version information is supplied, so all installations of the product should be considered potentially vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 6.5, indicating a medium to high severity. The EPSS score is not available, and it is not listed in the CISA KEV catalog. An attacker must obtain the encryption password and a valid backup file, then use those credentials to decrypt the backup and perform the malicious actions. Exploitation likely requires either local access to backups or the ability to obtain the backup files through other means. The attack vector appears to be indirect, relying on compromised backup file access rather than a direct remote service attack.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco Nexus Dashboard

unknown

Version	Status	Constraints
`1.1(3e)`	affected	—
`1.1(3c)`	affected	—
`1.1(3d)`	affected	—
`1.1(0d)`	affected	—
`1.1(2i)`	affected	—
`2.0(1b)`	affected	—
`1.1(2h)`	affected	—
`1.1(0c)`	affected	—
`1.1(3f)`	affected	—
`2.1(1d)`	affected	—
`2.1(1e)`	affected	—
`2.0(2g)`	affected	—
`2.0(2h)`	affected	—
`2.1(2d)`	affected	—
`2.0(1d)`	affected	—
`2.2(1h)`	affected	—
`2.2(1e)`	affected	—
`2.2(2d)`	affected	—
`2.1(2f)`	affected	—
`2.3(1c)`	affected	—
`2.3(2b)`	affected	—
`2.3(2c)`	affected	—
`2.3(2d)`	affected	—
`2.3(2e)`	affected	—
`3.0(1f)`	affected	—
`3.0(1i)`	affected	—
`3.1(1k)`	affected	—
`3.1(1l)`	affected	—
`3.2(1e)`	affected	—
`3.2(1i)`	affected	—
`3.3(1a)`	affected	—
`3.3(1b)`	affected	—
`3.3(2b)`	affected	—
`4.0(1i)`	affected	—
`3.3(2g)`	affected	—
`3.2(2f)`	affected	—
`3.2(2g)`	affected	—
`3.2(2m)`	affected	—
`3.1(1n)`	affected	—
`4.1(1g)`	affected	—

No data.

Vendor Product Confidence Versions

Cisco

Nexus Dashboard

88%

Version	Status	Scheme	Platform
`1.1(3e)`	affected	generic	—
`1.1(3c)`	affected	generic	—
`1.1(3d)`	affected	generic	—
`1.1(0d)`	affected	generic	—
`1.1(2i)`	affected	generic	—
`2.0(1b)`	affected	generic	—
`1.1(2h)`	affected	generic	—
`1.1(0c)`	affected	generic	—
`1.1(3f)`	affected	generic	—
`2.1(1d)`	affected	generic	—
`2.1(1e)`	affected	generic	—
`2.0(2g)`	affected	generic	—
`2.0(2h)`	affected	generic	—
`2.1(2d)`	affected	generic	—
`2.0(1d)`	affected	generic	—
`2.2(1h)`	affected	generic	—
`2.2(1e)`	affected	generic	—
`2.2(2d)`	affected	generic	—
`2.1(2f)`	affected	generic	—
`2.3(1c)`	affected	generic	—
`2.3(2b)`	affected	generic	—
`2.3(2c)`	affected	generic	—
`2.3(2d)`	affected	generic	—
`2.3(2e)`	affected	generic	—
`3.0(1f)`	affected	generic	—
`3.0(1i)`	affected	generic	—
`3.1(1k)`	affected	generic	—
`3.1(1l)`	affected	generic	—
`3.2(1e)`	affected	generic	—
`3.2(1i)`	affected	generic	—
`3.3(1a)`	affected	generic	—
`3.3(1b)`	affected	generic	—
`3.3(2b)`	affected	generic	—
`4.0(1i)`	affected	generic	—
`3.3(2g)`	affected	generic	—
`3.2(2f)`	affected	generic	—
`3.2(2g)`	affected	generic	—
`3.2(2m)`	affected	generic	—
`3.1(1n)`	affected	generic	—
`4.1(1g)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Verify all backup files for embedded authentication credentials and remove them if possible.
Control access to backup files and encryption passwords so that only trusted administrators can retrieve them.
Implement firewall rules or network segmentation to restrict access to internal-only APIs from untrusted hosts.
Apply any Cisco patches or updates that remove the vulnerability once available.
Monitor system logs for unusual API activity or command execution events.

Generated by OpenCVE AI on April 2, 2026 at 02:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu

History

Fri, 03 Apr 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco nexus Dashboard
Vendors & Products		Cisco Cisco nexus Dashboard

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.
Title		Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability
Weaknesses		CWE-295
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Cisco Nexus Dashboard

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-04-01T16:27:49.948Z

Updated: 2026-04-02T03:56:08.575Z

Reserved: 2025-10-08T11:59:15.354Z

Link: CVE-2026-20042

Vulnrichment

Updated: 2026-04-01T18:12:46.925Z

NVD

Status : Awaiting Analysis

Published: 2026-04-01T17:28:26.173

Modified: 2026-04-03T16:11:11.357

Link: CVE-2026-20042

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T08:58:37Z

Weaknesses

CWE-295

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object