WID-SEC-W-2026-0955

Vulnerability from csaf_certbund - Published: 2026-04-01 22:00 - Updated: 2026-04-01 22:00
Summary
Cisco Nexus Dashboard und Insights: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Cisco Nexus Dashboard ist ein Dashboard für Rechenzentren zur Verwaltung von Hybrid-Cloud-Netzwerken.
Angriff: Ein kann mehrere Schwachstellen in Cisco Nexus Dashboard und Insights ausnutzen, um Dateien zu manipulieren oder vertrauliche Informationen offenzulegen, was möglicherweise weitere Angriffe ermöglicht.
Betroffene Betriebssysteme: - CISCO Appliance
CVE-2026-20041
Affected products
Product Identifier Version Remediation
Cisco Nexus Dashboard <4.2
Cisco / Nexus Dashboard
 <4.2
Cisco Nexus Dashboard Insights
Cisco / Nexus Dashboard
 cpe:/a:cisco:nexus_dashboard:insights Insights
CVE-2026-20042
Affected products
Product Identifier Version Remediation
Cisco Nexus Dashboard <4.2
Cisco / Nexus Dashboard
 <4.2
CVE-2026-20174
Affected products
Product Identifier Version Remediation
Cisco Nexus Dashboard <4.2
Cisco / Nexus Dashboard
 <4.2
Cisco Nexus Dashboard Insights
Cisco / Nexus Dashboard
 cpe:/a:cisco:nexus_dashboard:insights Insights
References
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Cisco Nexus Dashboard ist ein Dashboard f\u00fcr Rechenzentren zur Verwaltung von Hybrid-Cloud-Netzwerken.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein kann mehrere Schwachstellen in Cisco Nexus Dashboard und Insights ausnutzen, um Dateien zu manipulieren oder vertrauliche Informationen offenzulegen, was m\u00f6glicherweise weitere Angriffe erm\u00f6glicht.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- CISCO Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0955 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0955.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0955 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0955"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-nd-cbid-5YqkOSHu vom 2026-04-01",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-ndi-afw-rJuRC5dZ vom 2026-04-01",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndi-afw-rJuRC5dZ"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-nd-ssrf-NAen4O7r vom 2026-04-01",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ssrf-NAen4O7r"
      }
    ],
    "source_lang": "en-US",
    "title": "Cisco Nexus Dashboard und Insights: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-04-01T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-02T08:59:15.309+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0955",
      "initial_release_date": "2026-04-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.2",
                "product": {
                  "name": "Cisco Nexus Dashboard \u003c4.2",
                  "product_id": "T052374"
                }
              },
              {
                "category": "product_version",
                "name": "4.2",
                "product": {
                  "name": "Cisco Nexus Dashboard 4.2",
                  "product_id": "T052374-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:nexus_dashboard:4.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Insights",
                "product": {
                  "name": "Cisco Nexus Dashboard Insights",
                  "product_id": "T052376",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:nexus_dashboard:insights"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Nexus Dashboard"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-20041",
      "product_status": {
        "known_affected": [
          "T052374",
          "T052376"
        ]
      },
      "release_date": "2026-04-01T22:00:00.000+00:00",
      "title": "CVE-2026-20041"
    },
    {
      "cve": "CVE-2026-20042",
      "product_status": {
        "known_affected": [
          "T052374"
        ]
      },
      "release_date": "2026-04-01T22:00:00.000+00:00",
      "title": "CVE-2026-20042"
    },
    {
      "cve": "CVE-2026-20174",
      "product_status": {
        "known_affected": [
          "T052374",
          "T052376"
        ]
      },
      "release_date": "2026-04-01T22:00:00.000+00:00",
      "title": "CVE-2026-20174"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.