Vulnerabilities > Cisco > Nexus Dashboard > 2.2

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2023-20014 Resource Exhaustion vulnerability in Cisco Nexus Dashboard
A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests.
network
low complexity
cisco CWE-400
7.5
7.5
2023-03-01 CVE-2023-20053 Cross-site Scripting vulnerability in Cisco Nexus Dashboard
A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation.
network
low complexity
cisco CWE-79
6.1
6.1
2022-07-22 CVE-2022-20906 Improper Privilege Management vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.
local
low complexity
cisco CWE-269
6.7
6.7
2022-07-22 CVE-2022-20907 Improper Privilege Management vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.
local
low complexity
cisco CWE-269
6.7
6.7
2022-07-22 CVE-2022-20908 Improper Input Validation vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.
local
low complexity
cisco CWE-20
6.7
6.7
2022-07-22 CVE-2022-20909 Improper Input Validation vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.
local
low complexity
cisco CWE-20
6.7
6.7
2022-07-22 CVE-2022-20913 Improper Input Validation vulnerability in Cisco Nexus Dashboard
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device.
network
low complexity
cisco CWE-20
6.5
6.5
2022-07-21 CVE-2022-20857 Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.
network
low complexity
cisco CWE-306
critical
 9.8
9.8
2022-07-21 CVE-2022-20858 Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.
network
low complexity
cisco CWE-306
critical
 9.8
9.8
2022-07-21 CVE-2022-20860 Improper Certificate Validation vulnerability in Cisco Nexus Dashboard
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information.
network
high complexity
cisco CWE-295
7.4
7.4