Security News > 2022 > July > Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers
The most severe of the issues are CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861, which impact Cisco Nexus Dashboard for data centers and cloud network infrastructures and could enable an "Unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack."
CVE-2022-20857 - Cisco Nexus Dashboard arbitrary command execution vulnerability.
All the three vulnerabilities, which were identified during internal security testing, affect Cisco Nexus Dashboard 1.1 and later, with fixes available in version 2.2(1e).
Another high-severity flaw relates to a vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard that could permit an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information.
Another set of five shortcomings in the Cisco Nexus Dashboard products concerns a mix of four privilege escalation flaws and an arbitrary file write vulnerability that could permit an authenticated attacker to gain root permissions and write arbitrary files to the devices.
The updates also arrived less than two weeks after Cisco rolled out patches for 10 security flaws, including an arbitrary critical file overwrite vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server that could lead to absolute path traversal attacks.
News URL
https://thehackernews.com/2022/07/cisco-releases-patches-for-critical.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-21 | CVE-2022-20861 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 8.8 |
2022-07-21 | CVE-2022-20858 | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |
2022-07-21 | CVE-2022-20857 | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |