Security News > 2022 > July > Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers

Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers
2022-07-21 11:32

The most severe of the issues are CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861, which impact Cisco Nexus Dashboard for data centers and cloud network infrastructures and could enable an "Unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack."

CVE-2022-20857 - Cisco Nexus Dashboard arbitrary command execution vulnerability.

All the three vulnerabilities, which were identified during internal security testing, affect Cisco Nexus Dashboard 1.1 and later, with fixes available in version 2.2(1e).

Another high-severity flaw relates to a vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard that could permit an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information.

Another set of five shortcomings in the Cisco Nexus Dashboard products concerns a mix of four privilege escalation flaws and an arbitrary file write vulnerability that could permit an authenticated attacker to gain root permissions and write arbitrary files to the devices.

The updates also arrived less than two weeks after Cisco rolled out patches for 10 security flaws, including an arbitrary critical file overwrite vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server that could lead to absolute path traversal attacks.


News URL

https://thehackernews.com/2022/07/cisco-releases-patches-for-critical.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-07-21 CVE-2022-20861 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.
network
low complexity
cisco CWE-352
8.8
2022-07-21 CVE-2022-20858 Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.
network
low complexity
cisco CWE-306
critical
9.8
2022-07-21 CVE-2022-20857 Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.
network
low complexity
cisco CWE-306
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751