How to Fix CVE-2022-20857- An Arbitrary Command Execution Vulnerability in Cisco Nexus Dashboard

Cisco, the network appliance giant, published an advisory on 20th July detailing four new vulnerabilities in Cisco Nexus Dashboard. The vulnerabilities, tracked as CVE-2022-20857, CVE-2022-20858, CVE-2022-20860, and CVE-2022-20861, are one critical and three high severity vulnerabilities with CVSS scores of 9.9, 8.2, 7.4, and 8.8 out of 10 respectively. These flaws allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, alter communications with associated controllers or view sensitive information, or perform a cross-site request forgery attack on affected versions of Cisco Nexus Dashboard. Since successful exploitation of these flaws allows attackers to execute arbitrary commands and steal sensitive information, including Administrator credentials, the issue is considered critical and should be fixed as soon as possible. Let's see how to fix CVE-2022-20857, an arbitrary command execution vulnerability in Cisco Nexus Dashboard.

A Short Introduction To Cisco Nexus Dashboard

Cisco Nexus Dashboard is a web-based graphical user interface (GUI) that enables you to manage and monitor your Cisco Nexus devices. It provides you with an at-a-glance view of the health and status of your devices, as well as detailed information on device configuration, performance, and security. Cisco Nexus Dashboard is included with the purchase of any Cisco Nexus device. It does not require a license. It is available for free download from the Cisco website.

Easy to use

  • Customizable role-based UI view to provide a focused view on network operator use cases
  • Single Sign-On (SSO) for seamless user experience across operation services
  • Single console for health monitoring and quick service turn-up

Easy to scale

  • Ensure high availability, scale-out operations from a single dashboard
  • Scale use cases leveraging flexible deployment options
  • Operations that span across on-premises, multi-cloud, and edge networks

Easy to maintain

  • Seamless integration and lifecycle management of operational services
  • Onboard and manage operational services across on-premises, cloud, or hybrid environments
  • Single integration point for critical third-party applications and tools

List Of Vulnerabilities Published In The Advisory:

  1. CVE-2022-20857: An Arbitrary Command Execution Vulnerability in Cisco Nexus Dashboard
  2. CVE-2022-20858: A Container Image Read and Write Vulnerability in Cisco Nexus Dashboard
  3. CVE-2022-20860: An SSL Certificate Validation Vulnerability in Cisco Nexus Dashboard
  4. CVE-2022-20861: A Cross-Site Request Forgery Vulnerability in Cisco Nexus Dashboard

Summary Of CVE-2022-20857:

This is an arbitrary command execution vulnerability in Cisco Nexus Dashboard. The advisory says that this vulnerability is due to insufficient access controls for a specific API that runs in the data network. An unauthenticated, remote attacker who can reach that API could exploit the flaw by sending crafted HTTP requests to it, and successful exploitation allows executing arbitrary commands as the root user in any pod on a node of the affected device.

Associated CVE ID         CVE-2022-20857
Description               An Arbitrary Command Execution Vulnerability in Cisco Nexus Dashboard
Associated ZDI ID
CVSS Score                9.8 Critical
Vector                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)        Network
Attack Complexity (AC)    Low
Privilege Required (PR)   Low
User Interaction (UI)     None
Scope (S)                 Unchanged
Confidentiality (C)       High
Integrity (I)             High
Availability (A)          High

Summary Of CVE-2022-20858:

This is a Container Image Read and Write vulnerability in Cisco Nexus Dashboard. The advisory says that this vulnerability is due to insufficient access controls for a service that manages container images, which runs in the data and management networks of an affected device. An unauthenticated, remote attacker could exploit the flaw by opening a TCP connection to the affected service, and successful exploitation allows downloading container images from the device or uploading malicious container images to it, which would then run after a reboot.

Associated CVE ID         CVE-2022-20858
Description               A Container Image Read and Write Vulnerability in Cisco Nexus Dashboard
Associated ZDI ID
CVSS Score                8.2 High
Vector                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)        Network
Attack Complexity (AC)    Low
Privilege Required (PR)   Low
User Interaction (UI)     None
Scope (S)                 Unchanged
Confidentiality (C)       High
Integrity (I)             High
Availability (A)          High

Summary Of CVE-2022-20860:

This is an SSL Certificate Validation vulnerability in Cisco Nexus Dashboard. The advisory says that this vulnerability is due to skipping the validation of SSL server certificates when Cisco Nexus Dashboard establishes a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller (formerly Data Center Network Manager, DCNM) controllers. An unauthenticated, remote attacker could abuse the flaw to impersonate the controllers with a crafted certificate, using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers. Successful exploitation allows altering communications between the devices or viewing sensitive information, including Administrator credentials for these controllers.

Associated CVE ID         CVE-2022-20860
Description               An SSL Certificate Validation Vulnerability in Cisco Nexus Dashboard
Associated ZDI ID
CVSS Score                7.4 High
Vector                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)        Network
Attack Complexity (AC)    Low
Privilege Required (PR)   Low
User Interaction (UI)     None
Scope (S)                 Unchanged
Confidentiality (C)       High
Integrity (I)             High
Availability (A)          None

Summary Of CVE-2022-20861:

This is a Cross-Site Request Forgery (CSRF) vulnerability in the web UI of Cisco Nexus Dashboard, which runs in the management network. The advisory says that this vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An unauthenticated, remote attacker could exploit the flaw by persuading an authenticated administrator of the web-based management interface to click a malicious link, and successful exploitation allows performing actions with Administrator privileges on the affected device.

Associated CVE ID         CVE-2022-20861
Description               A Cross-Site Request Forgery Vulnerability in Cisco Nexus Dashboard
Associated ZDI ID
CVSS Score                8.8 High
Vector                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)        Network
Attack Complexity (AC)    Low
Privilege Required (PR)   Low
User Interaction (UI)     None
Scope (S)                 Unchanged
Confidentiality (C)       High
Integrity (I)             High
Availability (A)          High

Cisco Nexus Dashboard Versions Vulnerable To These Vulnerabilities:

These vulnerabilities affect all versions of Cisco Nexus Dashboard 1.1 and later. Please check the version of your Cisco Nexus Dashboard and fix the CVE-2022-20857, CVE-2022-20858, CVE-2022-20860, and CVE-2022-20861 flaws as per your change schedule.

How To Check If Your Cisco Nexus Dashboard Is Vulnerable To CVE-2022-20857?

It is easy to check whether your Cisco Nexus Dashboard is vulnerable: you only need to know which version of Cisco Nexus Dashboard you are running. Run this simple command on a node to print the version:

# acs version

This returns the Nexus Dashboard version. As said in the previous section, all versions of Cisco Nexus Dashboard 1.1 and later are vulnerable to these flaws, so compare the version you see against the fixed releases listed in the next section.

How To Fix CVE-2022-20857- An Arbitrary Command Execution Vulnerability In Cisco Nexus Dashboard?

Cisco has released security patches to fix the CVE-2022-20857 vulnerability. Refer to the table below for the vulnerable Cisco Nexus Dashboard releases and their recommended fixes; we recommend upgrading to the appropriate fixed software release shown there.

Cisco Nexus Dashboard Release    First Fixed Release
1.1                              Migrate to a fixed release.
2.0                              Migrate to a fixed release.
2.1                              Migrate to a fixed release.
2.2                              2.2(1e)
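To turn the version check and the fixed-release table above into something repeatable, here is an added POSIX shell example (not from the post or from Cisco) that parses a Nexus Dashboard version string and reports whether it is at or above 2.2(1e). It assumes versions are written as major.minor(patch), e.g. "2.2(1e)"; the exact layout of the output of "acs version" is not shown in the post, so the sample output below is constructed and the extractor only looks for that token.

```shell
# Added example, not from the post or from Cisco: decide whether a Nexus
# Dashboard version string is at or above 2.2(1e), the first fixed release
# in the post's table. Assumed layout: major.minor(patch), e.g. "2.2(1e)".
FIXED_MAJOR=2; FIXED_MINOR=2; FIXED_PNUM=1; FIXED_PLET=e
# ASCII code of a single character, used to order patch letters (d < e < f).
ord() { printf '%d' "'$1"; }
# Pull the first major.minor(patch) token out of free text such as the output
# of "acs version" (its real layout is not shown in the post; the sample
# SAMPLE_ACS_VERSION further down is constructed).
nd_extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*\([0-9][0-9]*\.[0-9][0-9]*([0-9][0-9]*[a-z]*)\).*/\1/p' |
        head -n 1
}
# nd_is_fixed VERSION: exit 0 when VERSION >= 2.2(1e) (patched), 1 when it is
# older (vulnerable, "migrate to a fixed release"), 2 when it cannot be parsed
# or has no patch identifier, so a caller never treats "unknown" as safe.
nd_is_fixed() {
    v=$1
    case "$v" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%\(*}; patch=""
    case "$rest" in *\(*\)*) patch=${rest#*\(}; patch=${patch%%\)*} ;; esac
    case "$major$minor" in *[!0-9]*) return 2 ;; esac
    pnum=${patch%%[!0-9]*}; plet=${patch#"$pnum"}
    [ "$major" -lt "$FIXED_MAJOR" ] && return 1
    [ "$major" -gt "$FIXED_MAJOR" ] && return 0   # assumed: later trains carry the fix
    [ "$minor" -lt "$FIXED_MINOR" ] && return 1
    [ "$minor" -gt "$FIXED_MINOR" ] && return 0   # assumed, as above
    [ -z "$pnum" ] && return 2                    # bare "2.2": patch level unknown
    [ "$pnum" -lt "$FIXED_PNUM" ] && return 1
    [ "$pnum" -gt "$FIXED_PNUM" ] && return 0
    [ -z "$plet" ] && return 1                    # "2.2(1)" sorts before "2.2(1e)"
    [ "$(ord "$plet")" -lt "$(ord "$FIXED_PLET")" ] && return 1
    return 0
}
# Constructed sample standing in for a real "acs version" run on a node.
SAMPLE_ACS_VERSION="Nexus Dashboard version: 2.1(2d)"
# Human-readable verdict for one node's "acs version" output.
nd_report() {
    ver=$(nd_extract_version "$1")
    rc=0; nd_is_fixed "$ver" || rc=$?
    case $rc in
        0) echo "$ver: at or above 2.2(1e), CVE-2022-20857 is fixed" ;;
        1) echo "$ver: older than 2.2(1e), upgrade required" ;;
        *) echo "'$ver': version not recognised, check manually" ;;
    esac
}
nd_report "$SAMPLE_ACS_VERSION"
```

On a real node, feed the output of "acs version" to nd_report instead of the constructed sample; releases newer than 2.2 are not in the post's table, so the "assumed" branches are the places to revisit against Cisco's current advisory.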

Time needed: 30 minutes.

How to Fix CVE-2022-20857?

The solution to fix CVE-2022-20857 is to upgrade Cisco Nexus Dashboard to a recommended version. You can upgrade the nodes one after another manually, or you can go for a cluster upgrade.

We are going to cover the manual upgrade procedure, as it applies generally.

  1. Log in to the nodes

    Log in to each node you want to upgrade.

  2. Upload the ISO image

    Download or copy the upgrade ISO image file into the /tmp directory on each node.

  3. Initiate the upgrade process

    You can use this command to run the upgrade. Note: you can run this upgrade simultaneously on all the nodes.

    # acs installer update -f /tmp/nd-dk9.2.2.1e.iso

  4. Wait for the upgrade to complete

    Before going to the next step, you must wait for the upgrade process to complete on all the nodes.

  5. Reboot all the nodes

    Make sure that the upgrade process has completed on all nodes before restarting any node. Once the upgrade has completed on all the nodes, reboot the nodes using this command.

    # acs reboot

  6. Run the health check and check the version info

    Run these commands to check the health and version information:

    # acs health

    # acs version

Please visit the Cisco Nexus Dashboard User Guide for the complete details.

We hope this post will help you know how to fix CVE-2022-20857, an arbitrary command execution vulnerability in Cisco Nexus Dashboard.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional and founder of "thesecmaster.com". Enthusiast, Security Blogger, Technical Writer, Editor, and Author at TheSecMaster. To know more about me, follow me on LinkedIn.
