Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information.
This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.
AnalysisAI
Cisco Nexus Dashboard configuration backup feature allows authenticated administrators to extract sensitive authentication credentials from encrypted backup files, enabling subsequent unauthorized access to internal APIs and arbitrary root-level command execution on the underlying operating system. The vulnerability requires possession of both a valid backup file and its encryption password, limiting exploitation to administrators or attackers with backup file access. CVSS 6.5 reflects the high-privilege requirement (PR:H) despite high confidentiality and integrity impact; no public exploit or active exploitation has been identified.
Technical ContextAI
The vulnerability stems from improper credential handling in Cisco Nexus Dashboard's backup encryption mechanism. Authentication details (likely API credentials, SSH keys, or other system credentials) are embedded in plaintext or recoverable form within encrypted backup files rather than being excluded or separately protected. While the backup files themselves are encrypted, an attacker who possesses both the encrypted file and the encryption password can decrypt the contents and extract these credentials. The root cause maps to CWE-295 (Improper Certificate Validation), though the actual weakness involves credential storage rather than certificate validation specifically-this may indicate overly broad CWE classification or the vulnerability's relationship to trust boundary validation in API authentication. The affected product is Cisco Nexus Dashboard across all versions (CPE: cpe:2.3:a:cisco:cisco_nexus_dashboard:*:*:*:*:*:*:*:*), suggesting the flaw exists in the backup feature's core design.
RemediationAI
Consult the official Cisco Security Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu) for specific patched versions and upgrade instructions. In the interim, implement compensating controls: restrict backup file access to authorized personnel only, store backup files in encrypted repositories with strict access controls, use strong encryption passwords and rotate them regularly, disable the configuration backup feature if not actively required, audit all backup file downloads and access, and verify that backup files are not transmitted over unencrypted channels. Additionally, monitor for suspicious API access attempts that could indicate credential extraction from backups.
More in Cisco Nexus Dashboard
View allSame weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17935
GHSA-4jcc-jgc6-vpm7