CVE-2022-20913

CWE-23 CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 68.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nexus Dashboard Cisco Cisco Nexus Dashboard

Timeline

PublishedJul 22

Latest updateJul 23

Description

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/nexus_dashboard2.0 — 2.2\(1e\)

▶CVEListV5cisco/cisco_nexus_dashboardn/a

🔴Vulnerability Details

GHSA

GHSA-fxf5-95g5-f94p: A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device↗2022-07-23

▶

CVEList

Cisco Nexus Dashboard Arbitrary File Write Vulnerability↗2022-07-21

▶

📋Vendor Advisories

Cisco

Cisco Nexus Dashboard Arbitrary File Write Vulnerability↗2022-07-20

▶