Cisco has released fixes for multiple vulnerabilities found in Cisco Nexus Dashboard, including a critical vulnerability tracked as CVE-2022-20857 with a CVSS score of 9.8 that could allow remote code execution with root or administrator privileges.

According to the Cisco Product Security Incident Response Team (PSIRT), there are no public exploits or known malicious use of these vulnerabilities in the wild.

______________________________

A. Nature of Vulnerability

CVE-2022-20857: Cisco Nexus Dashboard Arbitrary Command Execution Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to access a specific API running in the data network and execute arbitrary commands on an affected device.

The vulnerability is due to insufficient access controls for a specific API. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected API. A successful exploit could allow the attacker to execute arbitrary commands as the root user in any pod on a node.

CVE-2022-20861: Cisco Nexus Dashboard Cross-Site Request Forgery Vulnerability

A vulnerability in the web UI running in the management network of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device.

This vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to perform actions with Administrator privileges on an affected device.
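The control that CVE-2022-20861 says is missing is a CSRF check on state-changing requests to the web UI. The function below is an added example of such a check, written for this advisory and not taken from Cisco Nexus Dashboard: it combines a session-bound synchronizer token with an Origin/Referer comparison, so that a request triggered from another site fails even if the administrator's browser attaches its session cookie. The trusted origin and the header layout are constructed assumptions.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed origin of the web UI; a real deployment takes this from configuration.
TRUSTED_ORIGIN = "https://dashboard.example.invalid"

# Methods that must never change state and therefore need no CSRF token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def new_csrf_token() -> str:
    """Random token kept in the server-side session and echoed back by the UI."""
    return secrets.token_urlsafe(32)


def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Derive the request origin from Origin, falling back to the Referer's scheme and host."""
    if headers.get("Origin"):
        return headers["Origin"]
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_check(method: str, headers: Dict[str, str],
               form_token: Optional[str], session_token: Optional[str]) -> Tuple[bool, str]:
    """Return (allowed, reason) for one request.

    Safe methods pass. Anything else must (1) originate from our own origin and
    (2) carry a token equal to the one stored in the caller's session.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    origin = request_origin(headers)
    if origin is None:
        return False, "no Origin or Referer on state-changing request"
    if origin != TRUSTED_ORIGIN:
        return False, f"cross-origin request from {origin}"
    if not session_token or not form_token:
        return False, "missing CSRF token"
    # Constant-time comparison: token values are secrets.
    if not hmac.compare_digest(form_token, session_token):
        return False, "CSRF token mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: one genuine UI submission and one arriving
    # from a different origin with the session's cookie but no valid token.
    session_token = new_csrf_token()
    print(csrf_check("POST", {"Origin": TRUSTED_ORIGIN}, session_token, session_token))
    print(csrf_check("POST", {"Origin": "https://other.example.invalid"}, None, session_token))
```

Rejecting requests with neither Origin nor Referer is deliberate: browsers send at least one of them on cross-site form posts, so a state-changing request with both absent is more likely a misconfigured client than a legitimate UI action, and failing closed keeps the token check from being bypassed by stripping headers.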

CVE-2022-20858: Cisco Nexus Dashboard Container Image Read and Write Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to access a service running in the data and management networks on an affected device.

The vulnerability is due to insufficient access controls for a service that manages container images. An attacker could exploit this vulnerability by opening a TCP connection to the affected service. A successful exploit could allow the attacker to download container images or upload malicious container images to an affected device. The malicious images would run after the device was rebooted or a pod restarted.
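Both CVE-2022-20857 (an API reachable without authentication) and CVE-2022-20858 (an image service reachable by simply opening a TCP connection) come down to a service that does not check who is calling it. The following deny-by-default authorization gate is an added illustration of the control that was missing; it is not Cisco code, and the service names, network ranges and token format are placeholders invented for the example, since the advisory does not disclose the real API path or image-service port.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed signing secret for this example only.
SECRET_KEY = b"example-only-signing-secret"

# Hypothetical service identifiers and policy: which source networks may reach
# each service, and which roles may use it. Placeholders, not real Nexus
# Dashboard endpoints.
PROTECTED_SERVICES = {
    "/api/v1/example-admin": {"networks": ["10.0.1.0/24"], "roles": {"admin"}},
    "image-service:5000": {"networks": ["10.0.1.0/24"], "roles": {"admin", "operator"}},
}


@dataclass
class Request:
    service: str          # which protected endpoint is being reached
    source_ip: str        # where the connection comes from
    token: Optional[str]  # "user:role:signature", or None when no credential was sent


def issue_token(user: str, role: str) -> str:
    """Mint a session token whose role claim is bound to SECRET_KEY by an HMAC."""
    sig = hmac.new(SECRET_KEY, f"{user}:{role}".encode(), hashlib.sha256).hexdigest()
    return f"{user}:{role}:{sig}"


def verify_token(token: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (user, role) if the token is well-formed and its HMAC matches, else None."""
    if not token:
        return None
    parts = token.split(":")
    if len(parts) != 3:
        return None
    user, role, sig = parts
    expected = hmac.new(SECRET_KEY, f"{user}:{role}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    if not hmac.compare_digest(sig, expected):
        return None
    return user, role


def authorize(req: Request) -> Tuple[bool, str]:
    """Deny by default: every check must pass before the request is allowed."""
    policy = PROTECTED_SERVICES.get(req.service)
    if policy is None:
        return False, "unknown service"
    src = ipaddress.ip_address(req.source_ip)
    if not any(src in ipaddress.ip_network(net) for net in policy["networks"]):
        return False, "source network not permitted"
    identity = verify_token(req.token)
    if identity is None:
        return False, "unauthenticated"
    user, role = identity
    if role not in policy["roles"]:
        return False, f"role '{role}' not permitted"
    return True, f"allowed for {user}"


if __name__ == "__main__":
    # Constructed sample requests. The first one, with no credential at all,
    # is the situation the advisory describes and must be refused.
    samples = [
        Request("/api/v1/example-admin", "10.0.1.5", None),
        Request("/api/v1/example-admin", "10.0.1.5", issue_token("alice", "admin")),
        Request("image-service:5000", "192.0.2.10", issue_token("alice", "admin")),
        Request("image-service:5000", "10.0.1.5", issue_token("bob", "viewer")),
    ]
    for r in samples:
        print(r.service, r.source_ip, authorize(r))
```

The order of checks matters for operations: the network test runs before any credential is parsed, so traffic that should never reach the service from the data network is rejected cheaply and can be logged as a distinct event, which is also the signal to alert on while a patch is being scheduled.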

CVE-2022-20860: Cisco Nexus Dashboard SSL Certificate Validation Vulnerability

The vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers.
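CVE-2022-20860 is the classic TLS client mistake: the connection is encrypted, but the client never checks that the certificate it was handed belongs to the controller it meant to reach. The snippet below is an added example, not Cisco code, showing the weak client configuration beside the corrected one using Python's standard `ssl` module, plus a small inspection helper a reviewer can run over any context before it is used. The host names are placeholders and `connect()` only runs against a real endpoint.

```python
import socket
import ssl
from typing import Optional


def insecure_client_context() -> ssl.SSLContext:
    """The failure mode in the advisory: TLS is used, but any server certificate
    is accepted, so an intercepting party with its own certificate is not detected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def validating_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Corrected configuration: require a chain to a trusted CA and a matching hostname.

    Pass `ca_bundle` (path to a PEM file, an assumption for this example) to trust only
    the private CA that issued the controllers' certificates instead of the system store.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings that decide whether a peer is actually authenticated."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def context_validates_peer(ctx: ssl.SSLContext) -> bool:
    """True only if both chain validation and hostname matching are enforced."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def connect(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 5.0) -> dict:
    """Open a TLS connection and return the validated peer certificate.

    With the validating context this raises ssl.SSLCertVerificationError when the
    chain or hostname does not check out; with the insecure one it silently succeeds.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()),
                      ("validating", validating_client_context())):
        print(name, describe_context(ctx), "authenticates peer:", context_validates_peer(ctx))
```

A quick way to confirm a fix of this kind has taken effect on a live system is to point the client at a test endpoint presenting a self-signed or wrong-name certificate: a validating client must refuse the connection, and the refusal (`ssl.SSLCertVerificationError` here) is the expected, healthy outcome.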

______________________________

B. Actions to be Taken

  • CERT-PH encourages all Cisco users/administrators to review and apply the updates to mitigate future threats.
  • Regularly check and apply the latest patch of software, especially to public-facing applications.
  • Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
  • In addition, provide employees with cybersecurity knowledge and training to minimize the attack surface.
  • For additional information, kindly refer to the official advisory:
    • <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y/>
    • <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-tlsvld-TbAQLp3N/>

______________________________

C. Affected Product Version

Cisco Nexus Dashboard Release          First Fixed Release
1.1 (not affected by CVE-2022-20858)   Migrate to a fixed release.
2.0                                    Migrate to a fixed release.
2.1                                    Migrate to a fixed release.
2.2                                    2.2(1h)