VYPR

Nexus Dashboard Fabric Controller

by Cisco Systems, Inc.

CVEs (10)

  • CVE-2024-20432CriOct 2, 2024
    risk 0.64cvss 9.9epss 0.01

    A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user…

  • CVE-2025-20163HigJun 4, 2025
    risk 0.57cvss 8.7epss 0.00

    A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit…

  • CVE-2024-20536HigNov 6, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is…

  • CVE-2024-20449HigOct 2, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this…

  • CVE-2024-20348HigApr 3, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker…

  • CVE-2024-20490MedOct 2, 2024
    risk 0.41cvss 6.3epss 0.00

    A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy…

  • CVE-2024-20448MedOct 2, 2024
    risk 0.41cvss 6.3epss 0.00

    A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of…

  • CVE-2024-20444MedOct 2, 2024
    risk 0.36cvss 5.5epss 0.01

    A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This…

  • CVE-2025-20348Aug 27, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This…

  • CVE-2025-20347Aug 27, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This…