Cyber Resilience

CVE-2024-20438

Medium

Published: 02 October 2024
Modified: 08 October 2024
KEV Added: not listed
Patch:
CVSS v3.1 score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS score: 0.0014 (34.4th percentile)
Risk priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-20438 is a medium-severity Protection Mechanism Failure (CWE-693) vulnerability in Cisco Nexus Dashboard. Its CVSS base score is 6.3 (Medium).

Operationally, this CVE ranks at the 34.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.
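The weakness class described above (CWE-862, missing authorization on a subset of API endpoints) is easiest to see next to its fix. The following is an added, self-contained example and is not Cisco's code: a tiny in-memory REST-style dispatcher in which every handler is trusted to enforce its own authorization (so an endpoint whose author forgot is reachable by any authenticated user), alongside a hardened dispatcher that declares the required role per endpoint in one table and checks it in one function (a reference monitor) before any handler runs, failing closed for endpoints with no policy entry. The users, roles, routes, and device state are all constructed for illustration; `routes_missing_policy` is a hypothetical verification aid, not a product feature.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    """Constructed principal; only `role` matters to the checks below."""
    name: str
    role: str  # constructed roles: "network-admin" or "network-operator"


@dataclass
class Device:
    """Constructed device state that the endpoints read or write."""
    config: str = "hostname lab-switch\n"
    files: dict = field(default_factory=dict)


class Forbidden(Exception):
    """Raised by the reference monitor when a request is not authorized."""


# Handlers are shared by both dispatchers. None of them checks
# authorization itself, which is exactly what a central check must cover.
def get_config(device, body):
    return device.config


def upload_file(device, body):
    device.files[body["name"]] = body["data"]
    return "stored " + body["name"]


def debug_dump(device, body):
    return repr(device)


ROUTES = {
    ("GET", "/api/config"): get_config,
    ("POST", "/api/files"): upload_file,
    ("GET", "/api/debug"): debug_dump,
}


def vulnerable_dispatch(user, method, path, device, body=None):
    """CWE-862 shape: the dispatcher assumes each handler enforces its own
    authorization, so an endpoint whose author forgot is reachable by any
    authenticated user regardless of privilege."""
    handler = ROUTES[(method, path)]
    return handler(device, body or {})


# Hardened design: the required role is declared per endpoint in one table
# and checked by one function before any handler runs. An endpoint with no
# entry is denied to everyone (default deny), so forgetting to declare a
# policy fails closed instead of open.
POLICY = {
    ("GET", "/api/config"): "network-admin",
    ("POST", "/api/files"): "network-admin",
    # ("GET", "/api/debug") deliberately has no policy entry
}


def authorize(user, method, path):
    """Reference monitor: invoked on every request, default deny."""
    required = POLICY.get((method, path))
    if required is None or user.role != required:
        raise Forbidden(f"{user.name} ({user.role}) may not {method} {path}")


def hardened_dispatch(user, method, path, device, body=None):
    authorize(user, method, path)  # runs unconditionally, before the handler
    handler = ROUTES[(method, path)]
    return handler(device, body or {})


def is_denied(user, method, path, device, body=None):
    """True if the hardened path refuses the request."""
    try:
        hardened_dispatch(user, method, path, device, body)
    except Forbidden:
        return True
    return False


def routes_missing_policy():
    """Hypothetical verification aid: endpoints present in ROUTES with no
    POLICY entry. Running this in CI catches an undeclared endpoint before
    deployment instead of relying on the default-deny fallback."""
    return sorted(r for r in ROUTES if r not in POLICY)


if __name__ == "__main__":
    ops = User("ops", "network-operator")
    dev = Device()
    print(vulnerable_dispatch(ops, "GET", "/api/config", dev))  # config leaks
    print(is_denied(ops, "GET", "/api/config", dev))            # True
    print(routes_missing_policy())                              # [('GET', '/api/debug')]
```

The design point is that the policy check lives in exactly one place the dispatcher cannot skip, and that the absence of a policy entry is itself a denial; the vulnerable version has neither property, so coverage depends on every handler author remembering to check.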

CWE(s)

CWE-693 (Protection Mechanism Failure), CWE-862 (Missing Authorization)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Cisco Nexus Dashboard: versions ≤ 3.2(1e)
Cisco Nexus Dashboard Fabric Controller: versions 12.0.0 through 12.2.2

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-862, CWE-693: Always invoking the reference monitor prevents missing authorization checks for protected resources.

Addresses CWE-693, CWE-862: Direct evaluation of whether controls produce desired security outcomes detects protection mechanism failures and enables remediation.

Addresses CWE-862, CWE-693: Requires verification that authorization checks are present and operational for protected resources.

Addresses CWE-693, CWE-862: Checking that all potentially impacted controls still function properly after maintenance detects and mitigates protection mechanism failures introduced during the process.

Addresses CWE-862, CWE-693: Tailoring ensures the authorization baseline is scoped and augmented so that missing authorization checks are identified and addressed for the target system.

Addresses CWE-693, CWE-862: When assessments or monitoring reveal that protection mechanisms are ineffective or bypassed, the required risk-response action directly restores or strengthens those mechanisms.

Addresses CWE-862: Requiring an access control policy ensures authorization checks are defined and applied for critical functions.

Addresses CWE-862: Reviews of access controls detect missing authorization checks on critical functions or resources.