Cisco has released a Critical severity security advisory for three Nexus Dashboard unauthorized access vulnerabilities.
An attacker could remotely exploit these vulnerabilities to take control of an impacted device.
Three Cisco vulnerabilities were noted in the advisory: CVE-2022-20857 (CVSS 9.8), CVE-2022-20858 (CVSS 8.8), and CVE-2022-20861 (CVSS 8.2).
“Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack,” Cisco explained in the advisory.
Regarding the most severe of the three (CVE-2022-20857), Cisco warned that “a successful exploit could allow the attacker to execute arbitrary commands as the root user in any pod on a node.”
Cisco further noted that the scope of these exploits can be limited to the network interfaces that are exposed.
Readers can also check the Cisco Security Advisories page for more details on these and other recently released product vulnerabilities.