#VU98018 Information disclosure in Cisco Nexus Dashboard Insights (NDI) - CVE-2024-20491
Published: October 3, 2024
Vulnerability identifier: #VU98018
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-20491
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Nexus Dashboard Insights (NDI)
Cisco Nexus Dashboard Insights (NDI)
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to remote controller credentials are recorded in an internal log that is stored in the tech support file. A local attacker can view remote controller admin credentials in clear text.
Remediation
Install updates from vendor's website.