What is CVE-2024-20281?

CVE-2024-20281 is a high-severity vulnerability in Cisco Data Center Network Manager, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.5/10. Published 2024-04-03.

How severe is CVE-2024-20281?

High severity. CVSS v3 base score is 7.5 out of 10.

CSRF in Cisco Data Center Network Manager

CVE-2024-20281

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected s…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.009 (75.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Cisco Data Center Network Manager — versions 12.1(1), 12.1.1e, 12.1.2e
Cisco Nexus Dashboard — versions 1.1(0c), 1.1(0d), 1.1(2h)
Cisco Nexus Dashboard Insights — versions 2.2.2.125, 2.2.2.126, 5.0.1.150
Cisco Nexus Dashboard Orchestrator — versions N/A

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

cisco-sa-ndfccsrf-TEmZEfJ9

Frequently asked questions

What is CVE-2024-20281?: CVE-2024-20281 is a high-severity vulnerability in Cisco Data Center Network Manager, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.5/10. Published 2024-04-03.
How severe is CVE-2024-20281?: High severity. CVSS v3 base score is 7.5 out of 10.