Network Alerts

Cisco Nexus Vulnerabilities

Posted by Matt Weber - July 25, 2022 - Vulnerability, Cisco

About the Alert

Cisco announced several critical vulnerabilities for the Cisco Nexus Dashboard that could allow a remote unauthenticated attacker to run arbitrary commands, read image files, or run cross-site forgery attacks. Specifics of the vulnerabilities can be found here, and below is a brief description of each: 

CVE-2022-20857: Arbitrary Command Execution

CVE-2022-20861: Cross-Site Request Forgery

CVE-2022-20858: Container Image Read and Write

There are no known exploits in the wild; however, due to the criticality of the vulnerabilities, affected Cisco Nexus customers should assess their hardware and determine best upgrade paths for their environment and Cisco contract entitlements.

Key Takeaways:

  • Vulnerabilities are rated critical
  • Vulnerabilities affect Cisco Nexus Dashboard
  • No workarounds to address vulnerabilities and requires software update 

Requesting Assistance

If you have Cisco Nexus equipment in your environment and would like assistance with assessing exposure or best go forward plan, please reach out to your SymQuest Account Executive.

Never miss a critical vulnerability alert

Stay in the know and receive a notification right to your inbox when a security message is posted.

Subscribe

Subscribe to receive Network Alerts

×