CVE-2022-20857
published 2022-07-21CVE-2022-20857: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.44%
69.8th percentile
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_nexus_dashboard | — | — |
| cisco | nexus_dashboard | >= 1.0 < 2.2\(1e\) | 2.2\(1e\) |
| cisco | nexus_dashboard_unauthorized_access | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2022-20857 affects Cisco Nexus Dashboard; unauthenticated remote attackers can execute arbitrary commands via missing authentication (CWE-306). Monitor for unexpected command execution originating from unauthenticated sessions on Nexus Dashboard management interfaces. ↗
- →Track Cisco bug IDs CSCwa75451, CSCwa93560, and CSCwb24518 for patch and indicator updates related to this vulnerability cluster. ↗
- →Alert on unauthenticated attempts to read or upload container image files on Cisco Nexus Dashboard endpoints, as this is a specific exploitation primitive for this CVE (CWE-306 — missing authentication for critical function). ↗
- ·No workarounds are available for these vulnerabilities; only vendor-supplied software updates remediate the issue. ↗
- ·The advisory covers multiple CVEs (including CSRF via CWE-352 in addition to CWE-306 missing-auth issues); ensure detections are scoped specifically to CVE-2022-20857 (arbitrary command execution, missing auth) and not conflated with the CSRF variant. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xwjg-qxv6-28rv: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload contai
ghsa_unreviewed·2022-07-22
CVE-2022-20857 [CRITICAL] CWE-306 GHSA-xwjg-qxv6-28rv: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload contai
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory.
Cisco
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities
vendor_cisco·2022-07-20·CVSS 9.8
CVE-2022-20857 [CRITICAL] CWE-306 Cisco Nexus Dashboard Unauthorized Access Vulnerabilities
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y
Cisco
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2022-20857 Cisco Nexus Dashboard Unauthorized Access Vulnerabilities
CVE-2022-20857: Cisco Nexus Dashboard Unauthorized Access Vulnerabilities
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-306, CWE-352, CWE-306, CWE-352
Bug IDs: CSCwa75451, CSCwa93560, CSCwb24518, CSCwa93560, CSCwa75451
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-07-21
Published