CVE-2022-20860: Improper Certificate Validation in Cisco Nexus Dashboard

Severity: 7.4 HIGH (NVD)
EPSS: 0.3% (top 51.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 21 | Latest update Jul 22

Description

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.2

Affected Packages (2 packages)

NVD: cisco/nexus_dashboard 1.12.2(1h)

🔴 Vulnerability Details (2)

GHSA: GHSA-xrg3-35mw-8rhg: A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with as | 2022-07-22
CVEList: Cisco Nexus Dashboard SSL Certificate Validation Vulnerability | 2022-07-21

📋 Vendor Advisories (1)

Cisco: Cisco Nexus Dashboard SSL Certificate Validation Vulnerability | 2022-07-20