CVE-2024-20536: Cisco NDFC Vulnerability Grants Attackers Extensive Control
In a recent security advisory, Cisco disclosed a high-severity SQL injection vulnerability, designated as CVE-2024-20536 (CVSS 8.8), affecting specific versions of its Nexus Dashboard Fabric Controller (NDFC). This flaw poses a critical risk to network security, as it allows authenticated, remote attackers to execute arbitrary SQL commands on affected devices.
The vulnerability lies in a REST API endpoint and the web-based management interface of Cisco NDFC. According to Cisco’s advisory, it stems from “insufficient validation of user-supplied input,” enabling attackers with read-only access to manipulate SQL commands. Exploiting this flaw could allow attackers to “read, modify, or delete arbitrary data on an internal database,” potentially affecting device availability and creating broader security implications.
Cisco notes that, while the vulnerability is severe, it does not impact systems configured for storage area network (SAN) controller deployment—a crucial consideration for administrators assessing their exposure.
To exploit CVE-2024-20536, an attacker would need access to the REST API endpoint or management interface of an affected device. By sending a crafted request, the attacker could bypass input validation and execute malicious SQL commands. Such access could have far-reaching consequences, affecting data integrity and network functionality.
This vulnerability impacts only Cisco NDFC releases 12.1.2 and 12.1.3. No workarounds are available, leaving affected organizations reliant on Cisco’s latest software updates to secure their devices.
Cisco credits researchers Harm Blankers, Jasper Westerman, and Yanick de Pater of REQON B.V. for identifying and responsibly disclosing this vulnerability.
Administrators should immediately assess their networks and ensure they are running patched versions of Cisco NDFC. Given the potential for data manipulation and service disruption, swift action is essential to avoid becoming a target for malicious actors who may eventually exploit this SQL injection vulnerability.
