Privacy Ninja

Cisco Fixes Bug that lets Attackers Execute Commands as Root

Cisco has addressed severe vulnerabilities in the Cisco Nexus Dashboard data center management solution that can let remote attackers execute commands and perform actions with root or Administrator privileges.

The first security flaw (rated critical severity and tracked as CVE-2022-20857) lets unauthenticated threat actors access an API by sending crafted HTTP requests and execute arbitrary commands remotely with root privileges “in any pod on a node.”

A second bug (a high severity vulnerability in the web UI tracked as CVE-2022-20861) allows remote attackers to conduct a cross-site request forgery attack by persuading authenticated admins to click a malicious link.

“A successful exploit could allow the attacker to perform actions with Administrator privileges on an affected device,” Cisco explains.

Another high severity security bug (CVE-2022-20858) patched today can let unauthenticated, remote attackers download container images or upload malicious ones to affected devices by opening a TCP connection to the container image management service.

Luckily, as Cisco explains in a security advisory published today, “the malicious images would be run after the device has rebooted or a pod has restarted.”

The vulnerabilities affect Cisco Nexus Dashboard 1.1 and later. Cisco has addressed the flaws in the 2.2(1e) security update published today and advises customers to migrate to a fixed release as soon as possible.

| Cisco Nexus Dashboard Release | First Fixed Release |
| --- | --- |
| 1.1 (not affected by CVE-2022-20858) | Migrate to a fixed release. |
| 2.0 | Migrate to a fixed release. |
| 2.1 | Migrate to a fixed release. |
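
To turn the affected-release information above into an inventory check, the following sketch flags Nexus Dashboard hosts that still need the 2.2(1e) update. It is an added example, not Cisco's or the article's code. It assumes release strings of the form `major.minor(NL)` that order by number and then letter, and that any release from 1.1 up to but not including 2.2(1e) is affected; the host names and sample releases are constructed.

```python
import re

# Values taken from the article: fixed release and the three CVEs it covers.
FIXED = (2, 2, 1, "e")            # 2.2(1e)
FIRST_AFFECTED = (1, 1)           # "1.1 and later"
CVES = ("CVE-2022-20857", "CVE-2022-20861", "CVE-2022-20858")

# Assumed format: major.minor plus optional (maintenance + letter), e.g. "2.1(2d)".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\((\d+)([a-z]?)\))?\s*$")


def parse_release(text):
    """Return (major, minor, maintenance, letter); raise ValueError if malformed."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, maint, letter = m.groups()
    return (int(major), int(minor), int(maint or 0), letter or "")


def open_cves(text):
    """List the CVEs from the article that still apply to this release."""
    rel = parse_release(text)
    if rel[:2] < FIRST_AFFECTED or rel >= FIXED:
        return []
    cves = list(CVES)
    if rel[:2] == (1, 1):
        # The article's table marks 1.1 as not affected by CVE-2022-20858.
        cves.remove("CVE-2022-20858")
    return cves


def triage(inventory):
    """Map each host to its open CVEs, or to an error marker for bad input."""
    report = {}
    for host, release in inventory.items():
        try:
            report[host] = open_cves(release)
        except ValueError as exc:
            # Unparseable versions are surfaced, never silently treated as safe.
            report[host] = [f"UNPARSED: {exc}"]
    return report


if __name__ == "__main__":
    # Constructed inventory; host names and release strings are made up.
    sample = {"nd-lab-1": "1.1(3f)", "nd-lab-2": "2.1(2d)",
              "nd-lab-3": "2.2(1e)", "nd-lab-4": "v2.x"}
    for host, cves in triage(sample).items():
        print(host, "->", ", ".join(cves) if cves else "no listed CVEs open")
```

CVE-2022-20860 is left out of the check because the article does not state its fixed release.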

No in-the-wild exploitation

These security vulnerabilities were found by security researchers with Cisco’s Advanced Security Initiatives Group (ASIG) during internal security testing.

Cisco’s Product Security Incident Response Team (PSIRT) said that the company is unaware of publicly available exploits or active exploitation in the wild.

Today, Cisco has also patched a fourth vulnerability (CVE-2022-20860) in the SSL/TLS implementation of the Cisco Nexus Dashboard that could let unauthenticated, remote threat actors alter communications by intercepting traffic in man-in-the-middle attacks.

Successful exploitation could also allow attackers to view sensitive information, including Administrator credentials for affected controllers.

“This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers,” the company added in a separate advisory.
