Technology
Cisco patches dangerous bug trio in Nexus Dashboard
Inadequate access control and CSRF protections spawn critical and high severity issues.
Serious vulnerabilities in Cisco Nexus Dashboard give attackers a viable path to executing arbitrary commands as root, uploading container image files, or performing cross-site request forgery (CSRF) attacks.
Discovered via internal testing, the trio of unauthenticated bugs – one critical, two high severity – have been patched in the data center management platform’s latest software update.
Cisco said it was not aware of any in-the-wild malicious abuse of the vulnerability.
Vulnerable API
The most severe issue, notching a critical CVSS score of 9.8, could allow an attacker to access a vulnerable API running in the data network and execute arbitrary commands (CVE-2022-20857).
The vulnerability can be abused by sending crafted HTTP requests to the API, which, thanks to insufficient access controls, means an attacker can “execute arbitrary commands as the root user in any pod on a node”, reads a security advisory published on July 20.
The most severe of two high severity issues is the CSRF bug (CVSS 8.8), which exists in the web UI running in the management network.
The vulnerability (CVE-2022-20861) is exploitable “by persuading an authenticated administrator of the web-based management interface to click a malicious link”, said Cisco. Should they achieve this, attackers could then “perform actions with Administrator privileges on an affected device”.
Finally, a flaw with a CVSS rating of 8.2 (CVE-2022-20858) exposes the service that manages container images in both the data and management networks.
Arising due to insufficient access controls, the vulnerability can be exploited “by opening a TCP connection to the affected service” and downloading container images or uploading malicious container images to an affected device. “The malicious images would be run after the device has rebooted or a pod has restarted,” added Cisco.
Vulnerable versions of Cisco Nexus Dashboard – formerly known as Cisco Application Services Engine – are 1.1, 2.0, 2.1, and 2.2 (although version 1.1 is not affected by CVE-2022-20858). All three flaws have been addressed in version 2.2(1e).
Cisco was unable to provide workarounds to mitigate risks.
iQoo 12: Global version of ex-flagship smartphone upgrades to Android 15
RedMagic 10 Pro and RedMagic 10 Pro Plus to follow RedMagic Nova global release with huge ultra-bright displays
OnePlus 13 posts impressive sales numbers before anticipated global release
Ruud van Nistelrooy updates Leny Yoro injury after Manchester United defender is pictured in training
Cole Palmer injury update leaves him in doubt for Chelsea against Arsenal
Police kill two suspected kidnappers in Delta State
Atiku congratulates Trump on US election victory
Chief of Army Staff, Lagbaja passed away at age 56
Vector reveals one thing he doesn’t understand about Africans
People always tell me to smile more — CKay
Hermes Iyele announces the death of his mother
Skylar Grey – Everything I Need [LYRICS]
[Music] Diddy – Dirty Money – “Coming Home” Feat. Skylar Grey
Diddy – Dirty Money – “Coming Home” Feat. Skylar Grey [LYRICS]
[Music] African China – Amen
[Music] African China – Baba God
African China – Baba God [LYRICS]
Machine Gun Kelly (MGK) “Home” Feat X Ambassadors & Bebe Rexha [LYRICS]
Passenger – Let Her Go [LYRICS]
[Music] Eminem – “No Love” Feat. Lil Wayne
Eminem – “No Love” Feat. Lil Wayne [LYRICS]
[Music] Tatiana Manaois – Buzz Kill
Tatiana Manaois – Buzz Kill [LYRICS]
James Blunt – Goodbye My Lover [LYRICS]
Major Lazer – “Particula” Feat. Nasty C , Ice Prince, Patoranking & Jidenna [LYRICS]
James Blunt – You’re Beautiful [LYRICS]
Justin Timberlake – Mirrors [LYRICS]
[Music] Darey – “Pray For Me” feat. Soweto Gospel Choir
Eminem – “Love The Way You Lie” Feat. Rihanna [LYRICS]
Goldlink ft. Miguel – Got Friends [LYRICS]
Sia – I’m Still Here [LYRICS]
Yo Gotti ft. Nicki Minaj – Rake It Up [LYRICS]
Shane McMahon – Here Comes The Money [LYRICS]
Journey – Faithfully [LYRICS]
[Music] Journey – Faithfully
Eminem – Not Afraid [LYRICS]
[Music] Journey – Don’t Stop Believin’
Journey – Don’t Stop Believin’ [LYRICS]
21 Savage – Bank Account [LYRICS]
Demi Lovato – Sober [LYRICS]
[Music] Gnash Ft Olivia O’Brien – I Hate you, I Love you
[INSTRUMENTAL] John Legend – All Of Me
Alan Walker – Faded [INSTRUMENTAL]
[Video] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
[Instrumental] Wiz Khalifa – See You Again ft. Charlie Puth
Salvation Ministry Choir – Amen [LYRICS]
[Music] The Chainsmokers – ‘Don’t Let Me Down’ Feat. Daya
[Music] Powfu – Death Bed (Coffee for Your Head) Feat. Beabadoobee
[Music] Wyclef Jean – “Sweetest Girl (Dollar Bill)” Feat. Akon, Lil Wayne, Niia
[Music] Zayn Malik – Entertainer
[Music] Wiz Khalifa – See You Again ft. Charlie Puth
[Music] Exalted Tribe (HICC) – We Dey Halla
[Music] Anna Kendrick – Cups (Pitch Perfect’s “When I’m Gone”)
[Music] Diddy – Dirty Money – “Coming Home” Feat. Skylar Grey
[Music] John Legend – Love Me Now
[Music] Right Said Fred – Stand Up (For the Champions)
[Music] Salvation Ministries Choir – Chioma Me Eh(Good God)
[Music] Celine Dion – If That’s What It Takes
Salvation Ministries Choir – Chioma Me Eh(Good God) [LYRICS]
[Music] P!nk – Try
[Music] Shaggy – Strength Of A Woman
[Music] Jaden Smith – Goku
[Music] Wiz Khalifa – See You Again (Remix) Feat Charlie Puth, Eminem, Tyga, & Chris Brown
[Music] R. Kelly – World’s Greatest
Magic! — Rude [LYRICS]
[Music] Journey – Don’t Stop Believin’
[Music] Cardi B – Bartier Cardi ft. 21 Savage
[Music] Tyga ft. Offset – Taste
[Music] P!nk – “Just Give Me A Reason” Feat. Nate Ruess
[Music] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
[Music] Post Malone – Candy Paint
[Music] R Kelly – When A Woman Loves
[Music] African China – Western Union
[Music] Luniz – “Got 5 On It” Feat. Michael Marshall (Tethered Mix from US)
[Music] Shaggy – Church Heathen
[Music] Lil Dicky ft. Chris Brown – Freaky Friday
[Music] Alec Benjamin – Let Me Down Slowly
[Music] Jessie J – ‘Bang Bang’ Feat. Ariana Grande & Nicki Minaj
[Music] Loren Allred – Never Enough (From The Greatest Showman)
[Music] Lil Durk – India Pt. II
-
Technology2 years agoVoIP Number: Everything You Need To Know
-
Music5 days ago[Music] Gnash Ft Olivia O’Brien – I Hate you, I Love you
-
Music2 days ago[INSTRUMENTAL] John Legend – All Of Me
-
Music6 days agoAlan Walker – Faded [INSTRUMENTAL]
-
Music3 days ago[Video] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
-
Music4 days ago[Instrumental] Wiz Khalifa – See You Again ft. Charlie Puth
-
Music1 week ago[Music] Akon – Sorry Blame It On Me
-
ANE Stories6 years ago[STORY] AMAKA THE LESBIAN (Complete Episodes)