CVE-2024-20448

Summary

CVE-2024-20448 is a vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) software that allows an attacker with access to a backup file to view sensitive information. This issue arises from the improper storage of sensitive data within config-only and full backup files, enabling the attacker to extract credentials, private keys, and encryption keys from affected devices. The vulnerability affects multiple products associated with the NDFC. To remediate this issue, organizations should ensure proper access controls are implemented on backup files and update to the latest version of NDFC as advised by Cisco. If exploited, this vulnerability poses a medium severity risk, potentially leading to unauthorized access to critical system information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.