Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Nutanix
CVE-2026-5944 (GCVE-0-2026-5944)
Vulnerability from cvelistv5 – Published: 2026-04-28 13:06 – Updated: 2026-04-28 14:14 X_Api Security X_Unauthenticated Access X_Cisco Intersight Device Connector X_Prism Central X_Port 7373
VLAI?
Title
Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access
Summary
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication.
An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked.
Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.
Severity ?
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nutanix | Cisco Intersight Device Connector for Prism Central |
Affected:
4.3.0 , < 7.5.1
(custom)
|
Date Public ?
2026-04-28 13:06
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T14:14:48.970984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:14:58.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cisco Intersight Device Connector for Prism Central",
"vendor": "Nutanix",
"versions": [
{
"changes": [
{
"at": "7.5.1",
"status": "unaffected"
}
],
"lessThan": "7.5.1",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vulnerability is exploitable only when the Cisco Intersight Device Connector has been manually installed via the Prism Central Marketplace. If the connector is not enabled, the affected service and TCP port 7373 remain closed and unexposed.\u003c/p\u003e\u003cp\u003eOrganizations are impacted only when the connector is active and running a version greater than or equal to 4.3.0 and less than 7.5.1, which can be verified by navigating to the Admin Center in Prism Central, selecting the My Apps tab and verifying the installation status and version of the Cisco Intersight Device Connector.\u003c/p\u003e"
}
],
"value": "The vulnerability is exploitable only when the Cisco Intersight Device Connector has been manually installed via the Prism Central Marketplace. If the connector is not enabled, the affected service and TCP port 7373 remain closed and unexposed.\nOrganizations are impacted only when the connector is active and running a version greater than or equal to 4.3.0 and less than 7.5.1, which can be verified by navigating to the Admin Center in Prism Central, selecting the My Apps tab and verifying the installation status and version of the Cisco Intersight Device Connector."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nutanix:cisco_intersight_device_connector_for_prism_central:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.5.1",
"versionStartIncluding": "4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "External Security Researcher (via Cisco)"
}
],
"datePublic": "2026-04-28T13:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication.\u003c/p\u003e\u003cp\u003eAn unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked.\u003c/p\u003e\u003cp\u003eAlthough this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.\u003c/p\u003e"
}
],
"value": "An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication.\n\n\n\nAn unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked.\n\n\n\nAlthough this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Nutanix Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\u003c/p\u003e"
}
],
"value": "The Nutanix Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:U/V:C/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"other": {
"content": {
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CNA",
"version": "2.0.3"
},
"type": "ssvc"
},
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T13:06:35.686Z",
"orgId": "2ffdacf6-8681-47df-b023-4f11abd61c1d",
"shortName": "Nutanix"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://download.nutanix.com/alerts/Security_Advisory_0046.pdf"
},
{
"tags": [
"release-notes"
],
"url": "https://portal.nutanix.com/page/documents/list?type=software\u0026filterKey=software\u0026filterVal=Prism"
},
{
"tags": [
"x_support"
],
"url": "https://www.nutanix.com/support"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNutanix has released version 7.5.1 of the Cisco Intersight Device Connector:\u003c/p\u003e\u003cul\u003e\u003cli\u003eLog in to Prism Central (PC) and navigate to the Life Cycle Manager (LCM) Dashboard.\u003c/li\u003e\u003cli\u003eClick \"Perform Inventory\" or \"Get Full Inventory\" to refresh the inventory.\u003c/li\u003e\u003cli\u003eAfter the inventory refresh completes, navigate to the Marketplace.\u003c/li\u003e\u003cli\u003eSelect the Cisco Intersight Device Connector.\u003c/li\u003e\u003cli\u003eClick \"Upgrade\" to update to version 7.5.1 or later.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Nutanix has released version 7.5.1 of the Cisco Intersight Device Connector:\n * Log in to Prism Central (PC) and navigate to the Life Cycle Manager (LCM) Dashboard.\n * Click \"Perform Inventory\" or \"Get Full Inventory\" to refresh the inventory.\n * After the inventory refresh completes, navigate to the Marketplace.\n * Select the Cisco Intersight Device Connector.\n * Click \"Upgrade\" to update to version 7.5.1 or later."
}
],
"source": {
"advisory": "nutanix-sa-0046",
"discovery": "EXTERNAL"
},
"tags": [
"x_api-security",
"x_unauthenticated-access",
"x_cisco-intersight-device-connector",
"x_prism-central",
"x_port-7373"
],
"timeline": [
{
"lang": "en",
"time": "2026-04-08T15:45:00.000Z",
"value": "Initial vulnerability analysis and internal update"
},
{
"lang": "en",
"time": "2026-04-08T18:30:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2026-04-28T13:06:00.000Z",
"value": "Advisory published"
}
],
"title": "Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf upgrading the Cisco Intersight Device Connector to version 7.5.1 or later is not immediately possible, restrict access to TCP port 7373 by limiting the service to internal traffic only:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEstablish an SSH session to Prism Central (PC).\u003c/li\u003e\u003cli\u003eExecute the following command to reconfigure the service visibility to internal traffic only: \u003ccode\u003esudo kubectl -n pc-platform-other annotate service cisco-device-connector service.msp.ntnx.io/lb=pc-internal --overwrite\u003c/code\u003e\u003c/li\u003e\u003cli\u003eRun the following command: \u003ccode\u003esudo kubectl get svc -n pc-platform-other\u003c/code\u003e and verify that the Cisco Intersight Device Connector is no longer associated with the Prism Central public IP address.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "If upgrading the Cisco Intersight Device Connector to version 7.5.1 or later is not immediately possible, restrict access to TCP port 7373 by limiting the service to internal traffic only:\n * Establish an SSH session to Prism Central (PC).\n * Execute the following command to reconfigure the service visibility to internal traffic only: sudo kubectl -n pc-platform-other annotate service cisco-device-connector service.msp.ntnx.io/lb=pc-internal --overwrite\n * Run the following command: sudo kubectl get svc -n pc-platform-other and verify that the Cisco Intersight Device Connector is no longer associated with the Prism Central public IP address."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "2ffdacf6-8681-47df-b023-4f11abd61c1d",
"assignerShortName": "Nutanix",
"cveId": "CVE-2026-5944",
"datePublished": "2026-04-28T13:06:35.686Z",
"dateReserved": "2026-04-09T05:40:22.214Z",
"dateUpdated": "2026-04-28T14:14:58.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12223 (GCVE-0-2024-12223)
Vulnerability from cvelistv5 – Published: 2025-08-20 00:44 – Updated: 2025-08-20 15:15
VLAI?
Title
Stored Cross-site Scripting (XSS) in Nutanix Prism Central
Summary
Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nutanix | Prism Central |
Affected:
0 , < 2024.3.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T13:57:28.757913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:15:34.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Events"
],
"product": "Prism Central",
"vendor": "Nutanix",
"versions": [
{
"lessThan": "2024.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrew Suters"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user\u2019s session and perform actions in their security context."
}
],
"value": "Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user\u2019s session and perform actions in their security context."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T00:44:56.421Z",
"orgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"shortName": "TML"
},
"references": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2024-12223"
}
],
"source": {
"discovery": "USER"
},
"title": "Stored Cross-site Scripting (XSS) in Nutanix Prism Central",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"assignerShortName": "TML",
"cveId": "CVE-2024-12223",
"datePublished": "2025-08-20T00:44:56.421Z",
"dateReserved": "2024-12-05T00:48:35.742Z",
"dateUpdated": "2025-08-20T15:15:34.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}