Malicious code attacks with root privileges on Cisco Nexus Dashboard possible


There are important security updates for hardware and software from the network supplier Cisco.

Admins in data centers with Cisco Nexus Dashboard should update the software for security reasons. Otherwise, attackers could target several vulnerabilities and, in the worst case, execute their own commands with root privileges. There are also security updates for some devices in the Small Business series.

 

By sending crafted HTTP requests to a specific API, a remote attacker could gain root privileges and run their own commands without authentication. The vulnerability (CVE-2022-20857) is classified as “critical”.

If attackers exploit another vulnerability (CVE-2022-20861, “high”), they could perform actions as admin. Uploading containers with malicious code may cause reboots (CVE-2022-20858, “high”).

The developers are also ironing out SSL/TLS bugs (CVE-2022-20860, “high”). In addition, attackers could obtain increased user rights or access data that is actually isolated.

Several vulnerabilities still threaten the small business routers RV110W, RV130, RV130W and RV215W. After successful attacks, attackers could, in the worst case, run their own code on devices.

Admins can find the versions that are secured against possible attacks in the warning messages linked at the end of this article.

Cisco has also published a note stating that, due to a bug in the Identity Services Engine (ISE) password policy, admins can continue to use expired credentials to access the web management interface.

List sorted by threat level in descending order:

  • Nexus Dashboard Unauthorized Access
  • Nexus Dashboard SSL Certificate Validation
  • Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service
  • Nexus Dashboard Privilege Escalation
  • Nexus Dashboard Arbitrary File Write
  • IoT Control Center Cross-Site Scripting

Brian Adam
Professional Blogger, Vlogger, traveler and explorer of new horizons.