CVE-2024-20448

MEDIUM
Published Oct 2, 2024 Modified Oct 8, 2024 CWE-313 CWE-312

Description

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key.

CVSS v3.1 Score

6.3
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Weakness Type (CWE)

CWE-313 CWE-313
CWE-312 CWE-312

Affected Products

Vendor Product
cisco nexus_dashboard_fabric_controller

References

Frequently Asked Questions

What is CVE-2024-20448? +
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key. It has a CVSS v3.1 base score of 6.3 (MEDIUM).
How severe is CVE-2024-20448? +
CVE-2024-20448 has a CVSS v3.1 score of 6.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2024-20448? +
CVE-2024-20448 affects products from cisco, specifically: nexus_dashboard_fabric_controller. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-20448? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-5098 9.1

PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account …
CVE-2025-4397 6.8

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials …
CVE-2025-36154 6.2

IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a …
CVE-2024-6785 5.5

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, …
CVE-2024-30406 5.5

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the …
CVE-2024-38280 4.6

An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-20448 — free, no signup required.

Start Free Scan