Published on: Not Yet Published
Last Modified on: 07/29/2022 12:49:00 PM UTC
CVE-2022-20906 - advisory for cisco-sa-ndb-mprvesc-EMhDgXe5Source: Mitre Source: NIST CVE.ORG Print: PDF
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.
- CVE-2022-20906 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory.
- Affected Vendor/Software: Cisco - Cisco Nexus Dashboard version n/a
CVSS3 Score: 6.7 - MEDIUM
|No Description Provided|| tools.cisco.com |
|CISCO 20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities|
Related QID Numbers
- 317211 Cisco Nexus Dashboard Multiple Vulnerabilities (cisco-sa-ndb-mprvesc-EMhDgXe5)
Known Affected Configurations (CPE V2.3)
|@CVEreport||CVE-2022-20906 : Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to… twitter.com/i/web/status/1…||2022-07-22 03:29:22|
|@LinInfoSec||Nexus - CVE-2022-20906: tools.cisco.com/security/cente…||2022-07-22 06:13:29|