Cisco patched 3 Nexus Dashboard Unauthorized Access Vulnerabilities

Cisco has released a Critical severity security advisory for three Nexus Dashboard unauthorized access vulnerabilities.

An attacker could remotely exploit these vulnerabilities to take control of an impacted device.

Three Cisco vulnerabilities were noted in the advisory: CVE-2022-20857 (CVSS 9.8), CVE-2022-20858 (CVSS 8.8), and CVE-2022-20861 (CVSS 8.2).

“Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack,” Cisco explained in the advisory.

Regarding the most severe of the three (CVE-2022-20857), Cisco warned that “a successful exploit could allow the attacker to execute arbitrary commands as the root user in any pod on a node.”

Moreover, Cisco further noted that the scope of these exploits can be limited to the network interfaces that have exposure.

Readers can also check out the Cisco Security Advisories page for more details on these and other product vulnerabilities most recently released.

Related Articles