CVE-2024-20438

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-693
View all →

Vulnerability Description

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.

Related Vulnerabilities

CVE-2019-13924

MEDIUM
CVSS:5.4(Medium)

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X...

CWE-6932019

CVE-2021-32729

MEDIUM
CVSS:5.4(Medium)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service meth...

CWE-6932021

CVE-2024-30050

MEDIUM
CVSS:5.4(Medium)

Windows Mark of the Web Security Feature Bypass Vulnerability

CWE-6932024

CVE-2024-38217

MEDIUM
CVSS:5.4(Medium)

Windows Mark of the Web Security Feature Bypass Vulnerability

CWE-6932024

CVE-2024-38874

MEDIUM
CVSS:5.4(Medium)

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference ...

CWE-6932024