CVE-2026-20042

Summary

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information.

This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Nexus Dashboard1.1(3e)affected
CiscoCisco Nexus Dashboard1.1(3c)affected
CiscoCisco Nexus Dashboard1.1(3d)affected
CiscoCisco Nexus Dashboard1.1(0d)affected
CiscoCisco Nexus Dashboard1.1(2i)affected
CiscoCisco Nexus Dashboard2.0(1b)affected
CiscoCisco Nexus Dashboard1.1(2h)affected
CiscoCisco Nexus Dashboard1.1(0c)affected
CiscoCisco Nexus Dashboard1.1(3f)affected
CiscoCisco Nexus Dashboard2.1(1d)affected
CiscoCisco Nexus Dashboard2.1(1e)affected
CiscoCisco Nexus Dashboard2.0(2g)affected
CiscoCisco Nexus Dashboard2.0(2h)affected
CiscoCisco Nexus Dashboard2.1(2d)affected
CiscoCisco Nexus Dashboard2.0(1d)affected
CiscoCisco Nexus Dashboard2.2(1h)affected
CiscoCisco Nexus Dashboard2.2(1e)affected
CiscoCisco Nexus Dashboard2.2(2d)affected
CiscoCisco Nexus Dashboard2.1(2f)affected
CiscoCisco Nexus Dashboard2.3(1c)affected
CiscoCisco Nexus Dashboard2.3(2b)affected
CiscoCisco Nexus Dashboard2.3(2c)affected
CiscoCisco Nexus Dashboard2.3(2d)affected
CiscoCisco Nexus Dashboard2.3(2e)affected
CiscoCisco Nexus Dashboard3.0(1f)affected
CiscoCisco Nexus Dashboard3.0(1i)affected
CiscoCisco Nexus Dashboard3.1(1k)affected
CiscoCisco Nexus Dashboard3.1(1l)affected
CiscoCisco Nexus Dashboard3.2(1e)affected
CiscoCisco Nexus Dashboard3.2(1i)affected
CiscoCisco Nexus Dashboard3.3(1a)affected
CiscoCisco Nexus Dashboard3.3(1b)affected
CiscoCisco Nexus Dashboard3.3(2b)affected
CiscoCisco Nexus Dashboard4.0(1i)affected
CiscoCisco Nexus Dashboard3.3(2g)affected
CiscoCisco Nexus Dashboard3.2(2f)affected
CiscoCisco Nexus Dashboard3.2(2g)affected
CiscoCisco Nexus Dashboard3.2(2m)affected
CiscoCisco Nexus Dashboard3.1(1n)affected
CiscoCisco Nexus Dashboard4.1(1g)affected

Weaknesses

  • CWE-295: Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References