Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access (cisco-sa-nd-cbid-5YqkOSHu)

Severity: Medium, Nessus Plugin ID 304810

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Nexus Dashboard is affected by a vulnerability.

- A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. (CVE-2026-20042)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwq66302.

See Also

http://www.nessus.org/u?037f7056

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwq66302

Plugin Details

Severity: Medium

ID: 304810

File Name: cisco-sa-nd-cbid-5YqkOSHu.nasl

Version: 1.1

Type: Combined

Family: CISCO

Published: 4/3/2026

Updated: 4/3/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.7

CVSS v2

Risk Factor: High

Base Score: 7.7

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:N

CVSS Score Source: CVE-2026-20042

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nexus_dashboard

Required KB Items: installed_sw/Nexus Dashboard

Exploit Ease: No known exploits are available

Patch Publication Date: 4/1/2026

Vulnerability Publication Date: 4/1/2026

Reference Information

CVE: CVE-2026-20042

CWE: 295

CISCO-SA: cisco-sa-nd-cbid-5YqkOSHu

IAVA: 2026-A-0292

CISCO-BUG-ID: CSCwq66302