
Cisco fixes bug that lets attackers execute commands as root
2022-07-20 17:49

Cisco has addressed severe vulnerabilities in the Cisco Nexus Dashboard data center management solution that can let remote attackers execute commands and perform actions with root or Administrator privileges.

"A successful exploit could allow the attacker to perform actions with Administrator privileges on an affected device," Cisco explains.

Luckily, as Cisco explains in a security advisory published today, "The malicious images would be run after the device has rebooted or a pod has restarted."

Cisco has addressed the flaws in the 2.2(1e) security update published today and advises customers to migrate to a fixed release as soon as possible.

Today, Cisco has also patched a fourth vulnerability in the SSL/TLS implementation of the Cisco Nexus Dashboard that could let unauthenticated, remote threat actors alter communications by intercepting traffic in man-in-the-middle attacks.

"This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller, Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager controllers," the company added in a separate advisory.


News URL

https://www.bleepingcomputer.com/news/security/cisco-fixes-bug-that-lets-attackers-execute-commands-as-root/
