Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability

cisco-sa-nd-cbid-5YqkOSHu · Medium · Published · Updated

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2026-20042
Cisco Bug IDsCSCwq66302
CVSS ScoreBase 6.5
Base 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Nexus Dashboard

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2026-20042 Cisco OpenVuln