CVE-2022-20908Time-of-check Time-of-use (TOCTOU) Race Condition in Cisco Nexus Dashboard

CWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-20Improper Input ValidationCWE-61UNIX Symbolic Link (Symlink) FollowingCWE-77Command Injection4 documents4 sources
Severity
6.7MEDIUMNVD
CNA6.0
EPSS
0.0%
top 92.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nexus DashboardCisco Nexus Dashboard
Timeline
PublishedJul 22
Latest updateJul 23

Description

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected devi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/nexus_dashboard2.02.2\(1e\)

🔴Vulnerability Details

2
GHSA
GHSA-f697-rhhx-xh4f: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device2022-07-23
CVEList
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities2022-07-21

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities2022-07-20
CVE-2022-20908 — Cisco Nexus Dashboard vulnerability | cvebase