Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rank-math domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/allnimfuu/allnaijaentertainment.com/wp-includes/functions.php on line 6114
Cisco patches dangerous bug trio in Nexus Dashboard – All Naija Entertainment
Connect with us
X
Categories:

Technology

Cisco patches dangerous bug trio in Nexus Dashboard

Published

on

Cisco patches dangerous bug trio in Nexus Dashboard
Share this post:

DOWNLOAD MP3 SONG

Inadequate access control and CSRF protections spawn critical and high severity issues.

Serious vulnerabilities in Cisco Nexus Dashboard give attackers a viable path to executing arbitrary commands as root, uploading container image files, or performing cross-site request forgery (CSRF) attacks.

Discovered via internal testing, the trio of unauthenticated bugs – one critical, two high severity – have been patched in the data center management platform’s latest software update.

Cisco said it was not aware of any in-the-wild malicious abuse of the vulnerability.

Vulnerable API

The most severe issue, notching a critical CVSS score of 9.8, could allow an attacker to access a vulnerable API running in the data network and execute arbitrary commands (CVE-2022-20857).

The vulnerability can be abused by sending crafted HTTP requests to the API, which, thanks to insufficient access controls, means an attacker can “execute arbitrary commands as the root user in any pod on a node”, reads a security advisory published on July 20.

The most severe of two high severity issues is the CSRF bug (CVSS 8.8), which exists in the web UI running in the management network.

The vulnerability (CVE-2022-20861) is exploitable “by persuading an authenticated administrator of the web-based management interface to click a malicious link”, said Cisco. Should they achieve this, attackers could then “perform actions with Administrator privileges on an affected device”.

Finally, a flaw with a CVSS rating of 8.2 (CVE-2022-20858) exposes the service that manages container images in both the data and management networks.

RECOMMENDED  A JavaScript bug scanner using graphs finds more than 100 zero-day vulnerabilities in Node.js frameworks

Arising due to insufficient access controls, the vulnerability can be exploited “by opening a TCP connection to the affected service” and downloading container images or uploading malicious container images to an affected device. “The malicious images would be run after the device has rebooted or a pod has restarted,” added Cisco.

Vulnerable versions of Cisco Nexus Dashboard – formerly known as Cisco Application Services Engine – are 1.1, 2.0, 2.1, and 2.2 (although version 1.1 is not affected by CVE-2022-20858). All three flaws have been addressed in version 2.2(1e).

Cisco was unable to provide workarounds to mitigate risks.


Get More Stories Like This On: Facebook: @AllNaijaEntertainment, Twitter: @AllNaijaEntertainment
Chief Oyerigha Echo Toikumoh - The Earlier The Better
Music2 weeks ago

[Music] Chief Oyerigha Echo Toikumoh – The Earlier The Better

Enzo Maresca and Mikel Arteta stated they will not take Pep Guardiola's place at Manchester City
Sports2 weeks ago

Enzo Maresca and Mikel Arteta stated they will not take Pep Guardiola’s place at Manchester City

Alan Shearer reckons Liverpool star is ‘not going to get better’
Sports2 weeks ago

Alan Shearer reckons Liverpool star is ‘not going to get better’

NECO examiners threaten nationwide protest over unpaid entitlements
News2 weeks ago

NECO examiners threaten nationwide protest over unpaid entitlements

Jonathan congratulates Trump on historic election win
News2 weeks ago

Jonathan congratulates Trump on historic election win

Peter Obi can become president in 2027 — Yunusa Tanko
News2 weeks ago

Peter Obi can become president in 2027 — Yunusa Tanko

Dua Lipa forced to cancel show after ‘unforeseen safety issues’
Entertainment2 weeks ago

Dua Lipa forced to cancel show after ‘unforeseen safety issues’

Uzoamaka Onuoha wins Best Female Performance in a feature at AFRIFF 2024
Entertainment2 weeks ago

Uzoamaka Onuoha wins Best Female Performance in a feature at AFRIFF 2024

'Phoenix Fury' bags Best Film award at the 13th edition of AFRIFF
Entertainment2 weeks ago

‘Phoenix Fury’ bags Best Film award at the 13th edition of AFRIFF

Vivo begins teasing new Dimensity 9400 flagships internationally
Technology2 weeks ago

Vivo begins teasing new Dimensity 9400 flagships internationally

Google Pixel 11 and Pixel 11 Pro may trade performance gains for longer battery life
Technology2 weeks ago

Google Pixel 11 and Pixel 11 Pro may trade performance gains for longer battery life

Manchester United players warned ‘only one is safe’ under Ruben Amorim
Sports2 weeks ago

Manchester United players warned ‘only one is safe’ under Ruben Amorim

Austin DeAnda given impromptu makeover after he is forced to have haircut in the middle of fight
Sports2 weeks ago

Austin DeAnda given impromptu makeover after he is forced to have haircut in the middle of fight

IG orders punishment for errant cops
News2 weeks ago

IG orders punishment for errant cops

Be ready to recover stolen mandate — Ighodalo tells PDP
News2 weeks ago

Be ready to recover stolen mandate — Ighodalo tells PDP

No part of Ogun will be ceded under my watch — Dapo Abiodun
News2 weeks ago

No part of Ogun will be ceded under my watch — Dapo Abiodun

Ruger calls out auto tune and hype culture in music
Entertainment2 weeks ago

Ruger calls out auto tune and hype culture in music

I hate to play same role repeatedly — Actress Bimbo Akintola
Entertainment2 weeks ago

I hate to play same role repeatedly — Actress Bimbo Akintola

Fans split on Davido, Wizkid, and Burna Boy's Grammy nominations.
Entertainment2 weeks ago

Fans split on Davido, Wizkid, and Burna Boy’s Grammy nominations

Samsung Galaxy S25 Slim: Leaker reveals launch details for Samsung's rival iPhone 17 Air
Technology2 weeks ago

Samsung Galaxy S25 Slim: Leaker reveals launch details for Samsung’s rival iPhone 17 Air

Realme names first smartphone to get Android 15 beta worldwide
Technology2 weeks ago

Realme names first smartphone to get Android 15 beta worldwide

England interim manager tipped for surprise Premier League job
Sports2 weeks ago

England interim manager tipped for surprise Premier League job

Hakim Ziyech mocks Israeli supporters attacked in Amsterdam
Sports2 weeks ago

Hakim Ziyech mocks Israeli supporters attacked in Amsterdam

Court jails seven for internet fraud in Kaduna
News2 weeks ago

Court jails seven for internet fraud in Kaduna

Edo APC criticizes Obaseki’s last-minute appointments
News2 weeks ago

Edo APC criticizes Obaseki’s last-minute appointments

Edo PDP announces caretaker committee
News2 weeks ago

Edo PDP announces caretaker committee

Tems makes history after securing 3 nominations for the 67th Grammys
Entertainment2 weeks ago

Tems makes history after securing 3 nominations for the 67th Grammys

Beyoncé surpasses Jay-Z to become the most nominated artist in Grammy history
Entertainment2 weeks ago

Beyoncé surpasses Jay-Z to become the most nominated artist in Grammy history

Davido, Wizkid, Tems, Asake make 2025 Grammy nominations
Entertainment2 weeks ago

Davido, Wizkid, Tems, Asake make 2025 Grammy nominations

Davido, Wizkid, Tems, Asake make 2025 Grammy nominations
Entertainment2 weeks ago

2025 GRAMMY: Academy unveils category changes ahead of nomination event

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories2 weeks ago

[STORY] THE PASTOR’S DAUGHTER (Final Episode 13)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories2 weeks ago

[STORY] THE PASTOR’S DAUGHTER (Episode 12)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories2 weeks ago

[STORY] THE PASTOR’S DAUGHTER (Episode 11)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories2 weeks ago

[STORY] THE PASTOR’S DAUGHTER (Episode 10)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories2 weeks ago

[STORY] THE PASTOR’S DAUGHTER (Episode 09)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories2 weeks ago

[STORY] THE PASTOR’S DAUGHTER (Episode 08)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories2 weeks ago

[STORY] THE PASTOR’S DAUGHTER (Episode 07)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories2 weeks ago

[STORY] THE PASTOR’S DAUGHTER (Episode 06)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories2 weeks ago

[STORY] THE PASTOR’S DAUGHTER (Episode 05)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories2 weeks ago

[STORY] THE PASTOR’S DAUGHTER (Episode 04)

ANE Billboard Hots



Join "ANE sabi" clique

Don't miss a thing, get ogbonge ANE latest updates to fuel your conversation daily.