CVE-2024-20281 HIGH

CVE-2024-20281

Vendor Cisco
Product Cisco Data Center Network Manager
Weakness CWE-352 · CSRF
Published April 3, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability.

Key dates

02Disclosure timeline

April 3, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-52446 WordPress Buying Buddy IDX CRM plugin <= 1.2.8 - CSRF to PHP Object Injection vulnerability CVE-2025-49965 WordPress PixelBeds Channel Manager and Hotel Booking Engine plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2023-2746 Rockwell Automation Enhanced HIM Vulnerable to Cross-Site Request Forgery Attack CVE-2025-49345 WordPress WP-EasyArchives plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-53765 WordPress Mins To Read plugin <= 1.2.2 - CSRF to Stored XSS vulnerability