Cisco NDFC Vulnerability Grants Attackers Extensive Control

Summary: Cisco has disclosed a high-severity SQL injection vulnerability (CVE-2024-20536) in its Nexus Dashboard Fabric Controller (NDFC) that allows an authenticated, remote attacker with as little as read-only privileges to execute arbitrary SQL commands against the controller's internal database. The flaw puts the integrity and availability of the data that drives the fabric at risk.


Key Points:

  • The vulnerability is rated CVSS 8.8 and affects Cisco NDFC releases 12.1.2 and 12.1.3.
  • An authenticated attacker with read-only privileges can exploit the flaw by sending a crafted request to an affected REST API endpoint or to the web-based management interface.
  • No workarounds are available; organizations must update to the latest software to mitigate risks.
  • The vulnerability does not affect systems configured for storage area network (SAN) controller deployment.
  • Researchers from REQON B.V. are credited with identifying and disclosing the vulnerability responsibly.

In a recent security advisory, Cisco disclosed a high-severity SQL injection vulnerability, designated CVE-2024-20536 (CVSS 8.8), affecting specific versions of its Nexus Dashboard Fabric Controller (NDFC). The flaw poses a serious risk to network security because it allows an authenticated, remote attacker to execute arbitrary SQL commands against the internal database of an affected device.

The vulnerability lies in a REST API endpoint and in the web-based management interface of Cisco NDFC. According to Cisco's advisory, it stems from "insufficient validation of user-supplied input," which lets an attacker holding no more than read-only privileges inject SQL into the statements the application runs. Successful exploitation could allow the attacker to "read, modify, or delete arbitrary data on an internal database," with knock-on effects on device availability and on the correctness of the fabric configuration the controller manages.

Cisco notes that, while the vulnerability is severe, it does not impact systems configured for storage area network (SAN) controller deployment—a crucial consideration for administrators assessing their exposure.

To exploit CVE-2024-20536, an attacker needs authenticated access to the REST API endpoint or the management interface of an affected device. By sending a crafted request, the attacker can get input that the application does not adequately validate embedded in an SQL statement, and so run SQL of their choosing against the internal database. Because the database holds the controller's own state, the consequences extend beyond data exposure to the integrity of the managed network.
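The two paragraphs above describe the defect class in general terms. The following Python example, added here and not taken from Cisco or from the NDFC code base (Cisco has not published the affected endpoint, schema or payload, so the table name `fabric_switch`, the handler functions and the sample rows are all constructed for illustration), shows how concatenating a request parameter into an SQL statement lets a caller with read-only rights read and modify rows it should never touch, and how parameter binding closes the hole:

```python
import sqlite3

# Constructed sample table standing in for a controller's internal database.
# Schema, names and values are hypothetical; none of this is Cisco's code.
SAMPLE_ROWS = [
    (1, "leaf-01", "token-leaf-01"),
    (2, "leaf-02", "token-leaf-02"),
    (3, "spine-01", "token-spine-01"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE fabric_switch (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany("INSERT INTO fabric_switch VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def get_switch_vulnerable(conn, name):
    """Hypothetical read-only lookup: the request parameter is pasted into the SQL text.

    This is the pattern behind 'insufficient validation of user-supplied input':
    nothing stops the caller from closing the quote and appending their own SQL.
    """
    sql = f"SELECT id, name FROM fabric_switch WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def get_switch_fixed(conn, name):
    """Same lookup with parameter binding: the value is sent as data, never as SQL."""
    return conn.execute(
        "SELECT id, name FROM fabric_switch WHERE name = ?", (name,)
    ).fetchall()


def rename_switch_vulnerable(conn, switch_id, new_name):
    """Hypothetical rename handler that concatenates input into an UPDATE."""
    sql = f"UPDATE fabric_switch SET name = '{new_name}' WHERE id = {switch_id}"
    conn.execute(sql)
    conn.commit()
    return conn.execute("SELECT id, name FROM fabric_switch ORDER BY id").fetchall()


def rename_switch_fixed(conn, switch_id, new_name):
    """Bound parameters plus an explicit int() on the id: only the intended row changes."""
    conn.execute(
        "UPDATE fabric_switch SET name = ? WHERE id = ?", (new_name, int(switch_id))
    )
    conn.commit()
    return conn.execute("SELECT id, name FROM fabric_switch ORDER BY id").fetchall()


# Crafted inputs of the kind a low-privileged caller could place in a request.
# The closing quote ends the intended literal; '--' comments out the rest of the statement.
READ_PAYLOAD = "' UNION SELECT id, secret FROM fabric_switch --"
WRITE_PAYLOAD = "owned' WHERE 1=1 --"


def demo():
    conn = make_db()
    # Read: the UNION pulls the 'secret' column the handler never meant to expose.
    leaked = get_switch_vulnerable(conn, READ_PAYLOAD)
    # The bound version simply finds no switch with that literal name.
    safe = get_switch_fixed(conn, READ_PAYLOAD)
    # Modify: the injected WHERE 1=1 overrides the id filter and renames every row.
    clobbered = rename_switch_vulnerable(conn, 1, WRITE_PAYLOAD)
    # Bound version on a fresh database: only row 1 changes, to the literal string.
    scoped = rename_switch_fixed(make_db(), 1, WRITE_PAYLOAD)
    return leaked, safe, clobbered, scoped


if __name__ == "__main__":
    for label, rows in zip(("leaked", "safe", "clobbered", "scoped"), demo()):
        print(label, rows)
```

The point of the fixed variants is not input filtering but separating code from data: with bound parameters the database never parses the attacker's string as SQL, so no list of forbidden characters has to be right. Whether a real injection can also stack a `DELETE` after the original statement depends on the database driver (Python's `sqlite3.execute` refuses multiple statements, other drivers do not), which is why an advisory that says "read, modify, or delete" should be taken at face value regardless of what a single probe returns.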

This vulnerability affects only Cisco NDFC releases 12.1.2 and 12.1.3. Cisco has published no workarounds, so affected organizations can only remediate by moving to a fixed software release from Cisco.

Cisco credits researchers Harm Blankers, Jasper Westerman, and Yanick de Pater of REQON B.V. for identifying and responsibly disclosing this vulnerability.

Administrators should immediately inventory their NDFC deployments, confirm which ones are running 12.1.2 or 12.1.3 in a non-SAN role, and move those to a fixed release. Because the bar for exploitation is a read-only account, every user with any access to the API or web interface is a potential path in, and the damage, from silent data manipulation to loss of controller availability, justifies treating this as an urgent update.


Source: https://securityonline.info/cve-2024-20536-cisco-ndfc-vulnerability-grants-attackers-extensive-control
