What is CVE-2024-20385?

CVE-2024-20385 is a medium-severity vulnerability in Cisco Nexus Dashboard Orchestrator, classified under Improper Certificate Validation. CVSS score: 5.9/10. Published 2024-10-02.

How severe is CVE-2024-20385?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Cisco Nexus Dashboard Orchestrator

CVE-2024-20385

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device.  This vulnerability exists becaus…

Vulnerability class: Improper Certificate Validation

EPSS: 0.002 (37.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Cisco Nexus Dashboard Orchestrator — versions 3.7(1d), 3.7(1g), 3.7(1h)

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

cisco-sa-ndo-tlsvld-FdUF3cpw

Frequently asked questions

What is CVE-2024-20385?: CVE-2024-20385 is a medium-severity vulnerability in Cisco Nexus Dashboard Orchestrator, classified under Improper Certificate Validation. CVSS score: 5.9/10. Published 2024-10-02.
How severe is CVE-2024-20385?: Medium severity. CVSS v3 base score is 5.9 out of 10.