Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability
Summary
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the att…
- Scope: At the time of publication, this vulnerability affected Cisco devices if they are running a vulnerable release of Cisco Nexus Dashboard, regardless of device configuration.
- 3.2 and earlier — Migrate to a fixed release
- 4.1 — Migrate to a fixed release
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 3.2 and earlier: migrate to a fixed release.
- Release 4.1: migrate to a fixed release.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.