CVE-2024-20536 - Cisco Nexus Dashboard Fabric Controller SQL Injection

2 weeks ago 9
ARTICLE AD BOX
CVE ID : CVE-2024-20536
Published : Nov. 6, 2024, 5:15 p.m. | 24 minutes ago
Description : A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device. 
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article