{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-051.pdf"
    },
    "title": "Cisco Nexus Dashboard Multiple Vulnerabilities",
    "serial_number": "2022-051",
    "publish_date": "22-07-2022 15:19:00",
    "description": "On July 20th, Cisco released a security advisory that addresses one Critical and two High severity vulnerabilities found in Cisco Nexus Dashboard. The vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. Cisco's Product Security Incident Response Team (PSIRT) is not aware of any active exploitation of these vulnerabilities in the wild and the company has released software updates to address these vulnerabilities.",
    "url_title": "2022-051",
    "content_markdown": "---\ntitle: 'Cisco Nexus Dashboard Multiple\u00a0Vulnerabilities'\nversion: '1.0'\nnumber: '2022-051'\norignal_date: 'July 20th, 2022'\ndate: 'July 22, 2022'\n---\n\n_History:_\n\n* _22/07/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn July 20th, Cisco released a security advisory that addresses one **Critical** and two **High** severity vulnerabilities found in Cisco Nexus Dashboard. The vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack [1]. \n\nCisco's Product Security Incident Response Team (PSIRT) is not aware of any active exploitation of these vulnerabilities in the wild and the company has released software updates to address these vulnerabilities.\n\n\n# Technical Details\n\n## **Critical Vulnerability**\n\n- **CVE-2022-20857: Cisco Nexus Dashboard Arbitrary Command Execution Vulnerability**\n\nThis flaw is due to insufficient access controls and it enables a remote, unauthenticated threat actor to exploit a specific API by sending crafted HTTP requests. This could allow an attacker to execute arbitrary commands with **root privileges** _in any pod on a node_.\n\n## **High Severity Vulnerabilities**\n\n- **CVE-2022-20861: Cisco Nexus Dashboard Cross-Site Request Forgery Vulnerability**\n\nThe first high severity bug is due to insufficient CSRF protections for the web UI and can be exploited by persuading an authenticated administrator of the web-based management interface to click a malicious link. 
A successful exploit could allow a remote attacker to perform actions with **Administrator privileges**.\n\n- **CVE-2022-20858: Cisco Nexus Dashboard Container Image Read and Write Vulnerability**\n\nThe second high severity bug enables a remote, unauthenticated threat actor to download container images, or upload malicious ones to an affected device, by opening a TCP connection to the affected service. The malicious images would be run after the device has rebooted or a pod has restarted.\n\n\n# Affected Products\n\nThe following products are affected by these vulnerabilities:\n\n* Cisco Nexus Dashboard 1.1 and later \n\nPlease note that version 1.1 is not affected by the vulnerability CVE-2022-20858.\n\n# Recommendations\n\nCisco has addressed the vulnerabilities in the 2.2(1e) security update and advises customers to upgrade to an appropriate fixed software release [2].\n\n\n# References\n\n[1] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y>\n\n[2] <https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>22/07/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On July 20th, Cisco released a security advisory that addresses one <strong>Critical</strong> and two <strong>High</strong> severity vulnerabilities found in Cisco Nexus Dashboard. The vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack [1]. </p><p>Cisco's Product Security Incident Response Team (PSIRT) is not aware of any active exploitation of these vulnerabilities in the wild and the company has released software updates to address these vulnerabilities.</p><h2 id=\"technical-details\">Technical Details</h2><h3 id=\"critical-vulnerability\"><strong>Critical Vulnerability</strong></h3><ul><li><strong>CVE-2022-20857: Cisco Nexus Dashboard Arbitrary Command Execution Vulnerability</strong></li></ul><p>This flaw is due to insufficient access controls and it enables a remote, unauthenticated threat actor to exploit a specific API by sending crafted HTTP requests. This could allow an attacker to execute arbitrary commands with <strong>root privileges</strong> <em>in any pod on a node</em>.</p><h3 id=\"high-severity-vulnerabilities\"><strong>High Severity Vulnerabilities</strong></h3><ul><li><strong>CVE-2022-20861: Cisco Nexus Dashboard Cross-Site Request Forgery Vulnerability</strong></li></ul><p>The first high severity bug is due to insufficient CSRF protections for the web UI and can be exploited by persuading an authenticated administrator of the web-based management interface to click a malicious link. 
A successful exploit could allow a remote attacker to perform actions with <strong>Administrator privileges</strong>.</p><ul><li><strong>CVE-2022-20858: Cisco Nexus Dashboard Container Image Read and Write Vulnerability</strong></li></ul><p>The second high severity bug enables a remote, unauthenticated threat actor to download container images, or upload malicious ones to an affected device, by opening a TCP connection to the affected service. The malicious images would be run after the device has rebooted or a pod has restarted.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following products are affected by these vulnerabilities:</p><ul><li>Cisco Nexus Dashboard 1.1 and later </li></ul><p>Please note that version 1.1 is not affected by the vulnerability CVE-2022-20858.</p><h2 id=\"recommendations\">Recommendations</h2><p>Cisco has addressed the vulnerabilities in the 2.2(1e) security update and advises customers to upgrade to an appropriate fixed software release [2].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\">https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}