Description

A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.

INFO

Published Date :

2024-10-02T16:55:25.503Z

Last Modified :

2024-10-02T17:26:08.329Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2024-20491 vulnerability.

Vendors Products
Cisco
  • Nexus Dashboard Fabric Controller
  • Nexus Dashboard Insights
  • Nexus Dashboard Orchestrator
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20491.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact