Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability
Description
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device.
This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 11.2(1)
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.