Cisco announced several critical vulnerabilities in the Cisco Nexus Dashboard that could allow a remote unauthenticated attacker to run arbitrary commands, read image files, or run cross-site request forgery attacks. Specifics of the vulnerabilities can be found here, and below is a brief description of each:
CVE-2022-20857: Arbitrary Command Execution
CVE-2022-20861: Cross-Site Request Forgery
CVE-2022-20858: Container Image Read and Write
There are no known exploits in the wild; however, due to the criticality of the vulnerabilities, affected Cisco Nexus customers should assess their hardware and determine the best upgrade paths for their environment and Cisco contract entitlements.
Vulnerabilities are rated critical
Vulnerabilities affect Cisco Nexus Dashboard
No workarounds address the vulnerabilities; a software update is required
If you have Cisco Nexus equipment in your environment and would like assistance with assessing exposure or determining the best go-forward plan, please reach out to your SymQuest Account Executive.