CVE-2025-20348

{"id": "CVE-2025-20348", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}]}, "published": "2025-08-27T17:15:37.147", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nshs-urapi-gJuBVFpu", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-201"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device.\r\n\r\nThis vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit th vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad en los endpoints de la API REST de Cisco Nexus Dashboard y Cisco Nexus Dashboard Fabric Controller (NDFC) podr\u00eda permitir que un atacante remoto autenticado y con pocos privilegios acceda a informaci\u00f3n confidencial o cargue y modifique archivos en un dispositivo afectado. Esta vulnerabilidad se debe a la falta de controles de autorizaci\u00f3n en algunos endpoints de la API REST. Un atacante podr\u00eda explotar esta vulnerabilidad enviando solicitudes de API manipuladas a un endpoint afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar funciones limitadas de administrador, como acceder a informaci\u00f3n confidencial sobre las configuraciones de proxy HTTP y NTP, cargar im\u00e1genes y da\u00f1ar archivos de imagen en un dispositivo afectado."}], "lastModified": "2025-09-08T16:22:06.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C23A6467-EA90-4111-94DA-00277873AD91", "versionEndExcluding": "4.1\\(1g\\)"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}