← volver
CVE-2022-20913

Cisco Nexus Dashboard Arbitrary File Write Vulnerability

CVSS 4.9 MEDIUMEPSS 1.0%CWE-23
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.9EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
21 jul 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Productos afectados
Cisco · Cisco Nexus Dashboard

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-afw-2MT9tb99