Cisco announced that it has released security updates for vulnerabilities detected in the Nexus Dashboard. The security flaws include a high-risk arbitrary command execution vulnerability. By exploiting these flaws, threat actors can connect to the system remotely, read and modify files, and perform a “cross-site request forgery” attack.
The vulnerabilities are:
- CVE-2022-20857 (Cisco Nexus Dashboard Arbitrary Command Execution Vulnerability)
- CVE-2022-20858 (Cisco Nexus Dashboard Container Image Read and Write Vulnerability)
- CVE-2022-20860 (Cisco Nexus Dashboard SSL Certificate Validation Vulnerability)
- CVE-2022-20861 (Cisco Nexus Dashboard Cross-Site Request Forgery Vulnerability)
Each Cisco Nexus Dashboard service is attached to either the data network (fabric0, fabric1) or the management network (mgmt0, mgmt1). Although the vulnerabilities do not depend on one another, exposing either of these networks can leave the device an open target for exploits.
How Do the Nexus Dashboard Vulnerabilities Affect Systems?
The vulnerability tracked as CVE-2022-20857 is critical, with a CVSS score of 9.8. Threat actors exploiting it can access a specific API that is active in the data network and execute arbitrary code on vulnerable devices.
Attackers can attempt exploits by sending specially crafted HTTP requests to the vulnerable API. If the exploit is successful, they can execute commands as the root user.
Another vulnerability, tracked as CVE-2022-20858 with a CVSS score of 8.2, allows attackers to access services that are active on the data and management networks of a vulnerable device.
Threat actors can attempt an exploit by establishing a TCP connection with a vulnerable service. A successful exploit allows attackers to upload malicious images to the target device. These images are run when the device is restarted.
The vulnerability tracked as CVE-2022-20861 allows an unauthenticated attacker to launch a “cross-site request forgery” attack against the web user interface on the Cisco Nexus Dashboard’s management network. Cyber security experts state that attackers who exploit this vulnerability through phishing can gain administrative privileges.
Another vulnerability, CVE-2022-20860, exists because SSL certificates are not validated in the Cisco Nexus Dashboard. Using man-in-the-middle techniques, an attacker can generate their own certificates and impersonate the controller. This gives the attacker the opportunity to access sensitive information and seize identity information.
How to Fix the Vulnerabilities?
Cisco has released patches for all four vulnerabilities. Customers must install version 2.2(1e) to fix CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861.
Version 2.2(1h) is available to fix CVE-2022-20860.
You can review Cisco’s security advisory here.
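To check an inventory against the fixed releases listed above, the following added example (not Cisco's code and not part of the original article) parses Nexus Dashboard release strings and reports which of the four CVEs are still open on each host. The host names, the sample releases and the ordering rule for build letters are assumptions made for illustration.

```python
import re

# First release containing each fix, as stated in this article.
FIXED_IN = {
    "CVE-2022-20857": "2.2(1e)",
    "CVE-2022-20858": "2.2(1e)",
    "CVE-2022-20861": "2.2(1e)",
    "CVE-2022-20860": "2.2(1h)",
}

# Release strings look like "2.2(1e)"; some texts write "2.2 (1e)".
_RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d+)\s*\(\s*(\d+)([a-z]*)\s*\)\s*$", re.IGNORECASE)


def parse_release(text):
    """Return a sortable tuple (major, minor, maintenance, build_letters)."""
    m = _RELEASE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, maint, letters = m.groups()
    # Assumption: builds order by letter within a maintenance number (1e < 1h).
    return int(major), int(minor), int(maint), letters.lower()


def unpatched_cves(installed):
    """List CVEs whose fixed release is newer than the installed release."""
    # Assumption: every release ordered before the fixed one lacks the fix;
    # confirm the affected range against the vendor advisory.
    current = parse_release(installed)
    return sorted(cve for cve, fixed in FIXED_IN.items()
                  if current < parse_release(fixed))


def triage(inventory):
    """Map each host to its list of open CVEs; unparsable releases are flagged."""
    report = {}
    for host, release in inventory.items():
        try:
            report[host] = unpatched_cves(release)
        except ValueError:
            report[host] = ["UNKNOWN-RELEASE"]  # needs manual review
    return report


if __name__ == "__main__":
    # Constructed inventory: host names and releases are made up for the demo.
    sample = {"nd-lab-1": "2.1(2d)", "nd-lab-2": "2.2 (1e)", "nd-lab-3": "2.2(1h)", "nd-lab-4": "n/a"}
    for host, cves in triage(sample).items():
        print(f"{host}: {', '.join(cves) if cves else 'no listed CVEs open'}")
```

A host on 2.2(1e) still shows CVE-2022-20860 as open, which is why the later 2.2(1h) release is the one that closes all four.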