How To Fix CVE-2022-20857- An Arbitrary Command Execution Vulnerability In Cisco Nexus Dashboard

The network appliances manufacturer giant Cisco published an advisory on 20th July in which Cisco detailed about four new vulnerabilities in Cisco Nexus Dashboard. The vulnerabilities are tracked as CVE-2022-20857, CVE-2022-20858, CVE-2022-20860, and CVE-2022-20861 are one critical and three high severity vulnerabilities with a CVSS score of 9.9, 8.2, 7.4, and 8.8 out of 10. These flaws allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, alter communications with associated controllers or view sensitive information, or perform a cross-site request forgery attack on the affected versions of the Cisco Nexus dashboard. Since the successful exploitation of these flaws allows the attackers to execute an arbitrary command and steal sensitive information, including Administrator credentials, It is considered critical and should fix it as soon as possible. Let’s see how to fix CVE-2022-20857, An Arbitrary Command Execution Vulnerability in Cisco Nexus Dashboard.

A short Introduction About The Cisco Nexus Dashboard

Cisco Nexus Dashboard is a web-based graphical user interface (GUI) that enables you to manage and monitor your Cisco Nexus devices. It provides you with an at-a-glance view of the health and status of your devices, as well as detailed information on device configuration, performance, and security. Cisco Nexus Dashboard is included with the purchase of any Cisco Nexus device. It does not require a license. It is available for free download from the Cisco website.

Easy to use

Easy to scale

Easy to maintain

List Of Vulnerabilities Published In The Advisory:

Summary Of CVE-2022-20857:

This is an arbitrary command execution vulnerability in Cisco Nexus Dashboard. The advisory says that this vulnerability is due to insufficient access controls for a specific API. This could lead to executing arbitrary commands as the root user in any pod on a node. The flaw could be exploited by sending crafted HTTP requests to the affected API. This ACE flaw allows an unauthenticated, remote attacker to access a specific API that is running in the data network and execute arbitrary commands on an affected device.

Summary Of CVE-2022-20858:

This is a Container Image Read and Write Vulnerability in Cisco Nexus Dashboard. The advisory says that this vulnerability is due to insufficient access controls for a service that manages container images. This could lead to download container images or upload malicious container images to an affected device and run them after a reboot. The flaw could be exploited by opening a TCP connection to the affected service. This Container Image Read and Write flaw allows an unauthenticated, remote attacker to access a service that is running in the data and management networks on an affected device.

Summary Of CVE-2022-20860:

This is an SSL Certificate Validation Vulnerability in Cisco Nexus Dashboard. The advisory says that this vulnerability is due to spiking the validation of SSL server certificates when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. This could lead to alter communications between devices or view sensitive information, including Administrator credentials for these controllers. The flaw could be abused to impersonate the controllers by using a crafted certificate by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers. This SSL Certificate Validation flaw allows an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information.

Summary Of CVE-2022-20861:

This is a Cross-Site Request Forgery vulnerability in Cisco Nexus Dashboard. The advisory says that this vulnerability is due to insufficient CSRF protections for the web UI on an affected device. This could lead to perform actions with Administrator privileges on an affected device. The flaw could be exploited by persuading an authenticated administrator of the web-based management interface to click a malicious link. This CSRF flaw allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack in the web UI that is running in the management network of the Cisco Nexus Dashboard.

Cisco Nexus Dashboard Version Vulnerable To These vulnerabilities:

This vulnerability affects all versions of Cisco Nexus Dashboard 1.1 and later. Please check the version of your Cisco Nexus Dashboard and fix the CVE-2022-20857, CVE-2022-20858, CVE-2022-20860, and CVE-2022-20861 flaws as per your change schedule.

How To Check Your Cisco Nexus Dashboard Is Vulnerable To CVE-2022-20857?

Well, it is easy to check if your Cisco Nexus dashboard is vulnerable. You need to check the version of the Cisco Nexus dashboard you use. Run this simple command to check the version of the Cisco Nexus dashboard.

As said in the previous section, all versions of Cisco Nexus Dashboard 1.1 and later are vulnerable to these flaws.

# acs version

This returns the Nexus Dashboard version.

How To Fix CVE-2022-20857- An Arbitrary Command Execution Vulnerability In Cisco Nexus Dashboard?

Cisco has released security patches to fix the CVE-2022-20857 vulnerability. Please refer to this table to see the vulnerable versions of Cisco Nexus Dashboard with recommended fixes. We recommend upgrading to an appropriate fixed software release, as shown in the below table.

How to Fix CVE-2022-20857?

The solution to fix the CVE-2022-20857 is to upgrade the Cisco Nexus Dashboard to the recommended versions. You can upgrade the dashboard one after one manually or you can go for cluster upgrade. 
We are going to cover the manual upgradation procedure as this can be generally applied to anything.

Step 1. Log in to the nodes 1

Log in to each node you want to upgrade.

Step 2. Upload the ISO image

Download or copy the upgrade ISO image file into the /tmp directory on each node.

Step 3. Initiate the upgrade process

You can use this command to run the upgrade. Note: You can run this upgrdation simultaneously on all the nodes.

# acs installer update -f /tmp/nd-dk9.2.2.1e.iso

Step 4. Wait for the upgrade to complete

Before go to the next step, you must wait for the upgradation process to be completed on all the nodes.

Step 5. Reboot all the nodes

Make sure that the upgradation process is completed on all nodes before restarting any one node. Upon the completion of the upgradation process on all the nodes, reboot the nodes using this command.

# acs reboot

Step 6. Run the health check and check the version info

Run these commands to check the health and version information:

# acs health

# acs version

Please visit the Cisco Nexus Dashboard User Guide for the complete details.

We hope this post would help you know how to fix CVE-2022-20857, an arbitrary command execution vulnerability in Cisco Nexus Dashboard. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.