CVE-2024-20490
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-20490 is a vulnerability in the logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) that allows attackers with access to tech support files to view sensitive information, including HTTP proxy server admin credentials stored in clear text. This vulnerability arises from the inappropriate logging of these credentials, which could be exploited by an attacker who can access the affected system's tech support file. The potential risk posed to organizations includes unauthorized access to external network configurations, leading to further exploitation or data breaches. To remediate this issue, organizations are advised to securely store debug logs and tech support files, sharing them only with trusted parties. The severity of this vulnerability is rated as medium, with a confidentiality impact classified as high, indicating significant risk if exploited.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.