Cisco Patches Critical Vulnerabilities Impacting Nexus Dashboard
July 21, 2022
Cisco Patches Critical Vulnerabilities Impacting Nexus Dashboard
Cisco released security fixes for 45 vulnerabilities impacting a wide range of devices, some of which might be abused to execute arbitrary code with elevated privileges on affected systems.
One security vulnerability is rated Critical, three are rated High, and 41 are rated Medium among the 45 vulnerabilities.
The Most Severe Vulnerabilities
- CVE-2022-20857 (CVSS score: 9.8) – Cisco Nexus Dashboard arbitrary command execution vulnerability
- CVE-2022-20858 (CVSS score: 8.2) – Cisco Nexus Dashboard container image read and write vulnerability
- CVE-2022-20861 (CVSS score: 8.8) – Cisco Nexus Dashboard cross-site request forgery (CSRF) vulnerability
- CVE-2022-20860 (CVSS score: 7.4) Cisco Nexus Dashboard’s SSL/TLS implementation vulnerability
The vulnerabilities might allow a remote attacker to execute objective commands, read or upload container image files, or perform cross-site request forgery.
Affected Products
- Cisco Nexus Dashboard 1.1 and later.
Mitigation
CYREBRO recommends upgrading Cisco Nexus Dashboard to the patched version 2.2. (1e)
References: Cisco Advisory.
