Home

Description

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.

PUBLISHED Reserved 2025-10-08 | Published 2026-04-01 | Updated 2026-04-02 | Assigner cisco




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem types

Improper Certificate Validation

Product status

Default status
unknown

1.1(3e)
affected

1.1(3c)
affected

1.1(3d)
affected

1.1(0d)
affected

1.1(2i)
affected

2.0(1b)
affected

1.1(2h)
affected

1.1(0c)
affected

1.1(3f)
affected

2.1(1d)
affected

2.1(1e)
affected

2.0(2g)
affected

2.0(2h)
affected

2.1(2d)
affected

2.0(1d)
affected

2.2(1h)
affected

2.2(1e)
affected

2.2(2d)
affected

2.1(2f)
affected

2.3(1c)
affected

2.3(2b)
affected

2.3(2c)
affected

2.3(2d)
affected

2.3(2e)
affected

3.0(1f)
affected

3.0(1i)
affected

3.1(1k)
affected

3.1(1l)
affected

3.2(1e)
affected

3.2(1i)
affected

3.3(1a)
affected

3.3(1b)
affected

3.3(2b)
affected

4.0(1i)
affected

3.3(2g)
affected

3.2(2f)
affected

3.2(2g)
affected

3.2(2m)
affected

3.1(1n)
affected

4.1(1g)
affected

References

sec.cloudapps.cisco.com/...dvisory/cisco-sa-nd-cbid-5YqkOSHu (cisco-sa-nd-cbid-5YqkOSHu)

cve.org (CVE-2026-20042)

nvd.nist.gov (CVE-2026-20042)

Download JSON