Network appliance manufacturer Cisco published an advisory on 20th July detailing four new vulnerabilities in Cisco Nexus Dashboard. The vulnerabilities, tracked as CVE-2022-20857, CVE-2022-20858, CVE-2022-20860, and CVE-2022-20861, comprise one critical and three high-severity flaws with CVSS scores of 9.9, 8.2, 7.4, and 8.8 out of 10. They allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, alter communications with associated controllers or view sensitive information, or perform a cross-site request forgery attack on affected versions of Cisco Nexus Dashboard. Since successful exploitation allows attackers to execute arbitrary commands and steal sensitive information, including Administrator credentials, the issue is considered critical and should be fixed as soon as possible. Let's see how to fix CVE-2022-20857, an arbitrary command execution vulnerability in Cisco Nexus Dashboard.
A short Introduction About The Cisco Nexus Dashboard
Cisco Nexus Dashboard is a web-based graphical user interface (GUI) that enables you to manage and monitor your Cisco Nexus devices. It provides you with an at-a-glance view of the health and status of your devices, as well as detailed information on device configuration, performance, and security. Cisco Nexus Dashboard is included with the purchase of any Cisco Nexus device. It does not require a license. It is available for free download from the Cisco website.
Easy to use
- Customizable role-based UI view to provide a focused view on network operator use cases
- Single Sign-On (SSO) for seamless user experience across operation services
- Single console for health monitoring and quick service turn-up
Easy to scale
- Ensure high availability, scale-out operations from a single dashboard
- Scale use cases leveraging flexible deployment options
- Operations that span across on-premises, multi-cloud, and edge networks
Easy to maintain
- Seamless integration and lifecycle management of operational services
- Onboard and manage operational services across on-premises, cloud, or hybrid environments
- Single integration point for critical third-party applications and tools
List Of Vulnerabilities Published In The Advisory:
- CVE-2022-20857: An Arbitrary Command Execution Vulnerability in Cisco Nexus Dashboard
- CVE-2022-20858: A Container Image Read and Write Vulnerability in Cisco Nexus Dashboard
- CVE-2022-20860: An SSL Certificate Validation Vulnerability in Cisco Nexus Dashboard
- CVE-2022-20861: A Cross-Site Request Forgery Vulnerability in Cisco Nexus Dashboard
Summary Of CVE-2022-20857:
This is an arbitrary command execution vulnerability in Cisco Nexus Dashboard. According to the advisory, it is due to insufficient access controls for a specific API, and could allow an attacker to execute arbitrary commands as the root user in any pod on a node. The flaw could be exploited by sending crafted HTTP requests to the affected API. It allows an unauthenticated, remote attacker to access a specific API that runs in the data network and execute arbitrary commands on an affected device.
Attribute | Value |
---|---|
Associated CVE ID | CVE-2022-20857 |
Description | An Arbitrary Command Execution Vulnerability in Cisco Nexus Dashboard |
Associated ZDI ID | – |
CVSS Score | 9.8 Critical |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Impact Score | – |
Exploitability Score | – |
Attack Vector (AV) | Network |
Attack Complexity (AC) | Low |
Privileges Required (PR) | Low |
User Interaction (UI) | None |
Scope (S) | Unchanged |
Confidentiality (C) | High |
Integrity (I) | High |
Availability (A) | High |
Summary Of CVE-2022-20858:
This is a container image read and write vulnerability in Cisco Nexus Dashboard. According to the advisory, it is due to insufficient access controls for a service that manages container images, and could allow an attacker to download container images or upload malicious container images to an affected device and run them after a reboot. The flaw could be exploited by opening a TCP connection to the affected service. It allows an unauthenticated, remote attacker to access a service that runs in the data and management networks on an affected device.
Attribute | Value |
---|---|
Associated CVE ID | CVE-2022-20858 |
Description | A Container Image Read and Write Vulnerability in Cisco Nexus Dashboard |
Associated ZDI ID | – |
CVSS Score | 8.2 High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Impact Score | – |
Exploitability Score | – |
Attack Vector (AV) | Network |
Attack Complexity (AC) | Low |
Privileges Required (PR) | Low |
User Interaction (UI) | None |
Scope (S) | Unchanged |
Confidentiality (C) | High |
Integrity (I) | High |
Availability (A) | High |
Summary Of CVE-2022-20860:
This is an SSL certificate validation vulnerability in Cisco Nexus Dashboard. According to the advisory, it is due to skipped validation of SSL server certificates when Cisco Nexus Dashboard establishes a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller (formerly Data Center Network Manager, DCNM) controllers. This could allow an attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers. The flaw could be abused to impersonate the controllers with a crafted certificate, using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers. It allows an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information.
Attribute | Value |
---|---|
Associated CVE ID | CVE-2022-20860 |
Description | An SSL Certificate Validation Vulnerability in Cisco Nexus Dashboard |
Associated ZDI ID | – |
CVSS Score | 7.4 High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Impact Score | – |
Exploitability Score | – |
Attack Vector (AV) | Network |
Attack Complexity (AC) | Low |
Privileges Required (PR) | Low |
User Interaction (UI) | None |
Scope (S) | Unchanged |
Confidentiality (C) | High |
Integrity (I) | High |
Availability (A) | None |
Summary Of CVE-2022-20861:
This is a cross-site request forgery (CSRF) vulnerability in Cisco Nexus Dashboard. According to the advisory, it is due to insufficient CSRF protections for the web UI on an affected device, and could allow an attacker to perform actions with Administrator privileges on the device. The flaw could be exploited by persuading an authenticated administrator of the web-based management interface to click a malicious link. It allows an unauthenticated, remote attacker to conduct a CSRF attack against the web UI that runs in the management network of Cisco Nexus Dashboard.
Attribute | Value |
---|---|
Associated CVE ID | CVE-2022-20861 |
Description | A Cross-Site Request Forgery Vulnerability in Cisco Nexus Dashboard |
Associated ZDI ID | – |
CVSS Score | 8.8 High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Impact Score | – |
Exploitability Score | – |
Attack Vector (AV) | Network |
Attack Complexity (AC) | Low |
Privileges Required (PR) | Low |
User Interaction (UI) | None |
Scope (S) | Unchanged |
Confidentiality (C) | High |
Integrity (I) | High |
Availability (A) | High |
Cisco Nexus Dashboard Versions Vulnerable To These Vulnerabilities:
These vulnerabilities affect all versions of Cisco Nexus Dashboard 1.1 and later. Please check the version of your Cisco Nexus Dashboard and fix the CVE-2022-20857, CVE-2022-20858, CVE-2022-20860, and CVE-2022-20861 flaws as per your change schedule.
How To Check Your Cisco Nexus Dashboard Is Vulnerable To CVE-2022-20857?
Checking whether your Cisco Nexus Dashboard is vulnerable is easy: you only need to check which version you are running. As noted in the previous section, all versions of Cisco Nexus Dashboard 1.1 and later are vulnerable to these flaws. Run this simple command to check the version of the Cisco Nexus Dashboard:
# acs version
This returns the Nexus Dashboard version.
How To Fix CVE-2022-20857, An Arbitrary Command Execution Vulnerability In Cisco Nexus Dashboard?
Cisco has released security patches to fix the CVE-2022-20857 vulnerability. Please refer to this table to see the vulnerable versions of Cisco Nexus Dashboard with recommended fixes. We recommend upgrading to an appropriate fixed software release, as shown in the below table.
Cisco Nexus Dashboard Release | First Fixed Release |
---|---|
1.11 | Migrate to a fixed release. |
2.0 | Migrate to a fixed release. |
2.1 | Migrate to a fixed release. |
2.2 | 2.2(1e) |
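To make the version check and the fixed-release table mechanical, here is an added Python example (not Cisco's code and not from the original post). It parses a release string in the table's own notation, e.g. 2.2(1e), and reports whether the release is at or above the first fixed release, needs an upgrade within the 2.2 train, or must migrate to a fixed release. The exact output format of `acs version` is not given in the post, so `find_release()` assumes only that the release string appears somewhere in that output; the sample output embedded in the block is constructed.

```python
"""Assess a Cisco Nexus Dashboard release against the fixed-release table
in the post (first fixed release 2.2(1e) for the 2.2 train; earlier trains
must migrate). Added example, not Cisco's code. It assumes the release
notation "major.minor(build+letter)" used in the table, e.g. 2.2(1e); the
text printed by `acs version` is not known from the post, so find_release()
only assumes that the release string appears somewhere in that output."""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Matches 2.2, 2.2(1e), 2.1(2d) ...  Groups: major, minor, build, letter.
RELEASE_RE = re.compile(r"(\d+)\.(\d+)(?:\((\d+)([a-z]*)\))?")

FIRST_FIXED_TEXT = "2.2(1e)"   # from the fixed-release table in the post
FIRST_AFFECTED_TEXT = "1.1"    # "all versions of 1.1 and later" per the post


@dataclass(frozen=True, order=True)
class Release:
    """Release components ordered so that dataclass comparison == version order."""
    major: int
    minor: int
    build: int    # 0 when no parenthesised build is present
    letter: str   # "" when no letter suffix is present

    @classmethod
    def parse(cls, text: str) -> "Release":
        m = RELEASE_RE.fullmatch(text.strip())
        if m is None:
            raise ValueError(f"not a Nexus Dashboard release string: {text!r}")
        major, minor, build, letter = m.groups()
        return cls(int(major), int(minor), int(build or 0), letter or "")

    @property
    def train(self) -> Tuple[int, int]:
        return (self.major, self.minor)


def find_release(acs_version_output: str) -> Optional[str]:
    """Pull the first release-looking token out of `acs version` output.

    Assumption: the output contains the release in the table's notation.
    A match with a parenthesised build is preferred over a bare N.N so that
    stray numbers such as "1.1" elsewhere in the text do not win over "2.1(2d)".
    """
    matches = list(RELEASE_RE.finditer(acs_version_output))
    with_build = [m for m in matches if m.group(3) is not None]
    chosen = with_build[0] if with_build else (matches[0] if matches else None)
    return chosen.group(0) if chosen else None


def assess(version_text: str) -> Tuple[Optional[bool], str]:
    """Return (vulnerable, action). vulnerable is None when the post's table
    does not cover the release (before 1.1, or a train newer than 2.2)."""
    rel = Release.parse(version_text)
    fixed = Release.parse(FIRST_FIXED_TEXT)
    first_affected = Release.parse(FIRST_AFFECTED_TEXT)

    if rel < first_affected:
        return (None, "release predates 1.1; not covered by the post's table")
    if rel.train > fixed.train:
        return (None, "release train newer than 2.2; check the Cisco advisory")
    if rel >= fixed:
        return (False, f"fixed: {version_text} is at or above {FIRST_FIXED_TEXT}")
    if rel.train == fixed.train:
        return (True, f"upgrade to {FIRST_FIXED_TEXT}")
    return (True, f"migrate to a fixed release ({FIRST_FIXED_TEXT} or later)")


# Constructed sample of what an `acs version` run might print; the real
# format is not taken from the post.
SAMPLE_ACS_VERSION_OUTPUT = """\
Nexus Dashboard
Version: 2.1(2d)
Node: 1
"""

if __name__ == "__main__":
    found = find_release(SAMPLE_ACS_VERSION_OUTPUT)
    print("detected release:", found)
    print("assessment:", assess(found))
```

Run it on each node after `acs version`, or paste the command output into `find_release()`; a result of `(True, ...)` means the node is still on a vulnerable release and the action string tells you whether an in-train upgrade to 2.2(1e) suffices or a migration is needed.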
Time needed: 30 minutes.
How to Fix CVE-2022-20857?
The solution for CVE-2022-20857 is to upgrade Cisco Nexus Dashboard to the recommended release. You can upgrade the nodes one at a time manually, or you can perform a cluster upgrade.
We cover the manual upgrade procedure here, since it applies generally.
- Log in to the nodes
Log in to each node you want to upgrade.
- Upload the ISO image
Download or copy the upgrade ISO image file into the /tmp directory on each node.
- Initiate the upgrade process
Use this command to run the upgrade. Note: you can run the upgrade simultaneously on all the nodes.
# acs installer update -f /tmp/nd-dk9.2.2.1e.iso
- Wait for the upgrade to complete
Before going to the next step, you must wait for the upgrade process to complete on all the nodes.
- Reboot all the nodes
Make sure that the upgrade process has completed on all nodes before restarting any node. Once the upgrade has completed on all the nodes, reboot them using this command.
# acs reboot
- Run the health check and check the version info
Run these commands to check the health and version information:
# acs health
# acs version
Please visit the Cisco Nexus Dashboard User Guide for the complete details.
We hope this post will help you know how to fix CVE-2022-20857, an arbitrary command execution vulnerability in Cisco Nexus Dashboard. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
Original article by ItWorker. If reposting, please cite the source: https://blog.ytso.com/276133.html