PT-2022-3784 · Cisco · Cisco Nexus Dashboard
Michael J Davenport
·
Published
2022-07-20
·
Updated
2023-06-27
·
CVE-2022-20857
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Nexus Dashboard (affected versions not specified)
Description
The issue is related to multiple vulnerabilities in the Cisco Nexus Dashboard, which could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. A specific vulnerability is associated with a lack of authentication for a critical function in the API interface of the Cisco Nexus Dashboard platform, allowing a remote attacker to execute arbitrary commands with root privileges.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Nexus Dashboard