Skip to main content

Cisco Nexus Dashboard CVE-2026-20042

| EUVDEUVD-2026-17935 MEDIUM
Improper Certificate Validation (CWE-295)
2026-04-01 cisco GHSA-4jcc-jgc6-vpm7
6.5
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 17:30 euvd
EUVD-2026-17935
Analysis Generated
Apr 01, 2026 - 17:30 vuln.today
CVE Published
Apr 01, 2026 - 16:27 nvd
MEDIUM 6.5

DescriptionCVE.org

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information.

This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.

AnalysisAI

Cisco Nexus Dashboard configuration backup feature allows authenticated administrators to extract sensitive authentication credentials from encrypted backup files, enabling subsequent unauthorized access to internal APIs and arbitrary root-level command execution on the underlying operating system. The vulnerability requires possession of both a valid backup file and its encryption password, limiting exploitation to administrators or attackers with backup file access. CVSS 6.5 reflects the high-privilege requirement (PR:H) despite high confidentiality and integrity impact; no public exploit or active exploitation has been identified.

Technical ContextAI

The vulnerability stems from improper credential handling in Cisco Nexus Dashboard's backup encryption mechanism. Authentication details (likely API credentials, SSH keys, or other system credentials) are embedded in plaintext or recoverable form within encrypted backup files rather than being excluded or separately protected. While the backup files themselves are encrypted, an attacker who possesses both the encrypted file and the encryption password can decrypt the contents and extract these credentials. The root cause maps to CWE-295 (Improper Certificate Validation), though the actual weakness involves credential storage rather than certificate validation specifically-this may indicate overly broad CWE classification or the vulnerability's relationship to trust boundary validation in API authentication. The affected product is Cisco Nexus Dashboard across all versions (CPE: cpe:2.3:a:cisco:cisco_nexus_dashboard:*:*:*:*:*:*:*:*), suggesting the flaw exists in the backup feature's core design.

RemediationAI

Consult the official Cisco Security Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu) for specific patched versions and upgrade instructions. In the interim, implement compensating controls: restrict backup file access to authorized personnel only, store backup files in encrypted repositories with strict access controls, use strong encryption passwords and rotate them regularly, disable the configuration backup feature if not actively required, audit all backup file downloads and access, and verify that backup files are not transmitted over unencrypted channels. Additionally, monitor for suspicious API access attempts that could indicate credential extraction from backups.

Share

CVE-2026-20042 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy