Information disclosure in Cisco Nexus Dashboard Insights (NDI) - CVE-2024-20491
Published: October 3, 2024
Vulnerability identifier: #VU98018
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-20491
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Nexus Dashboard Insights (NDI)
Cisco Nexus Dashboard Insights (NDI)
Detailed vulnerability description
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to remote controller credentials are recorded in an internal log that is stored in the tech support file. A local attacker can view remote controller admin credentials in clear text.
How to mitigate CVE-2024-20491
Install updates from vendor's website.