Cisco reports critical vulnerability in Nexus Dashboard Fabric Controller
Take action: The flaw requires the attacker to be authenticated, so the attack vector is two-fold: phishing or malware against a legitimate user, or credential-stuffing attacks. Plan to patch your NDFC, and in the meantime restrict the UI and API to trusted networks and remind users to be especially wary of phishing and malware.
Learn More
A critical vulnerability has been identified in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC).
The flaw, tracked as CVE-2024-20432 (CVSS score 9.9), allows an authenticated, low-privileged remote attacker to perform command injection on an affected system, potentially gaining network-admin level privileges.
- Cisco NDFC is vulnerable, but Cisco Nexus Dashboard Insights and Cisco Nexus Dashboard Orchestrator (NDO) are confirmed not to be affected.
- Vulnerable Versions: Cisco NDFC 12.0 and earlier versions are vulnerable, with the first fixed release being 12.2.2.
- This vulnerability does not affect Cisco NDFC when it is configured for SAN controller deployment.
Cisco has released free software updates to address this vulnerability. Users should upgrade to Cisco NDFC 12.2.2 or later versions, or Cisco Nexus Dashboard Release 3.2(1e), which includes the fix.
There are no workarounds for this vulnerability, so upgrading to the fixed version is necessary to mitigate the risk.
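A small triage helper that applies the advisory's two criteria (first fixed release 12.2.2, SAN controller deployments not affected) to an inventory of NDFC instances. This is an added example, not Cisco tooling; the version-string format (dot-separated numbers with an optional letter suffix such as "12.1.3b"), the hostnames and the inventory contents are constructed assumptions.

```python
import re
from typing import List, Tuple

# First fixed NDFC release named in the advisory.
FIRST_FIXED = "12.2.2"

# One dotted component: digits, optionally followed by a lowercase suffix ("3b").
_PART = re.compile(r"^(\d+)([a-z]*)$")


def parse_version(version: str) -> Tuple[Tuple[int, str], ...]:
    """Turn an NDFC release string such as '12.1.3b' into a sortable tuple.

    Assumed format: dot-separated numeric parts, each optionally followed by a
    lowercase letter suffix. Raises ValueError on anything else so that an
    unparseable inventory entry is noticed rather than silently marked safe.
    """
    parts = []
    for piece in version.strip().split("."):
        m = _PART.match(piece)
        if not m:
            raise ValueError(f"unrecognised NDFC version string: {version!r}")
        parts.append((int(m.group(1)), m.group(2)))
    while len(parts) < 3:          # pad so '12.2' compares equal to '12.2.0'
        parts.append((0, ""))
    return tuple(parts)


def needs_patch(version: str, deployment: str) -> bool:
    """True if this NDFC instance still needs the CVE-2024-20432 fix.

    Per the advisory: SAN controller deployments are not affected, and any
    release earlier than 12.2.2 has not received the fix.
    """
    if deployment.strip().lower() == "san":
        return False
    return parse_version(version) < parse_version(FIRST_FIXED)


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hosts from (host, version, deployment) tuples that need patching."""
    return [host for host, ver, dep in inventory if needs_patch(ver, dep)]


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("ndfc-lan-01", "12.1.3b", "lan"),
    ("ndfc-lan-02", "12.2.2", "lan"),
    ("ndfc-san-01", "12.1.2", "san"),
    ("ndfc-lan-03", "12.2.1", "lan"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to NDFC {FIRST_FIXED} or later")
```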
As of now, there are no public reports of exploitation, and the issue was discovered during internal security testing by Cisco.