CVE-2026-20042

MEDIUM

Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability

Title source: cna

Description

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.

Scores

CVSS v3 6.5
EPSS 0.0003
EPSS Percentile 7.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-295
Status published
Products (40)
Cisco/Cisco Nexus Dashboard 1.1(0c)
Cisco/Cisco Nexus Dashboard 1.1(0d)
Cisco/Cisco Nexus Dashboard 1.1(2h)
Cisco/Cisco Nexus Dashboard 1.1(2i)
Cisco/Cisco Nexus Dashboard 1.1(3c)
Cisco/Cisco Nexus Dashboard 1.1(3d)
Cisco/Cisco Nexus Dashboard 1.1(3e)
Cisco/Cisco Nexus Dashboard 1.1(3f)
Cisco/Cisco Nexus Dashboard 2.0(1b)
Cisco/Cisco Nexus Dashboard 2.0(1d)
... and 30 more
Published Apr 01, 2026
Tracked Since Apr 01, 2026