Unauthorised Access Vulnerabilities in Cisco Nexus Dashboard
21 July 2022
Cisco has released security updates for three severe vulnerabilities (CVE-2022-20857, CVE-2022-20858, CVE-2022-20861) affecting Cisco Nexus Dashboard 1.1 and later. One of the vulnerabilities, CVE-2022-20857, is rated critical and has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.
These three vulnerabilities could allow an attacker to execute commands and perform actions with root or administrator privileges.
CVE-2022-20857 - A vulnerability in Cisco Nexus Dashboard that could allow an unauthenticated, remote attacker to access a specific application programming interface (API). Through this, the attacker could send crafted HTTP requests to execute arbitrary commands on an affected device as a root user.
CVE-2022-20861 - A vulnerability in the web user interface (UI) of Cisco Nexus Dashboard that could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. This is done by enticing an authenticated administrator to click a malicious link on an affected device to perform actions with administrator privileges.
CVE-2022-20858 - A vulnerability in Cisco Nexus Dashboard that could allow an unauthenticated, remote attacker to download container images or upload malicious container images on an affected device by opening a TCP connection to the container image management service. The malicious images would run after the affected device reboots or a pod (an affected instance connected to the Cisco Nexus Dashboard) restarts.
The following products are affected by these vulnerabilities:
Cisco Nexus Dashboard 1.1 (not affected by CVE-2022-20858)
Cisco Nexus Dashboard 2.0
Cisco Nexus Dashboard 2.1
Cisco Nexus Dashboard 2.2
Administrators of the affected products are advised to upgrade to the latest versions immediately.
More information is available here:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y