← Back to CVE List

CVE-2024-20536

Published: 2024-11-06T17:15Z
Last Modified: 2024-11-06T18:17Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device.  > MITRE Terms of Use apply – see LICENSE‑MITRE.txt