Cisco announced several critical vulnerabilities for the Cisco Nexus Dashboard that could allow a remote unauthenticated attacker to run arbitrary commands, read image files, or run cross-site forgery attacks. Specifics of the vulnerabilities can be found here, and below is a brief description of each:
CVE-2022-20857: Arbitrary Command Execution
CVE-2022-20861: Cross-Site Request Forgery
CVE-2022-20858: Container Image Read and Write
There are no known exploits in the wild; however, due to the criticality of the vulnerabilities, affected Cisco Nexus customers should assess their hardware and determine best upgrade paths for their environment and Cisco contract entitlements.