Networking-Forums.com

Professional Discussions => Vendor Advisories => Topic started by: Netwörkheäd on July 21, 2022, 12:13:52 PM

Title: Cisco Security Advisory - Cisco Nexus Dashboard SSL Certificate Validation Vulnerability
Post by: Netwörkheäd on July 21, 2022, 12:13:52 PM
Cisco Nexus Dashboard SSL Certificate Validation Vulnerability

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information.

This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-tlsvld-TbAQLp3N

Security Impact Rating: High
CVE: CVE-2022-20860
Source: Cisco Nexus Dashboard SSL Certificate Validation Vulnerability (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-tlsvld-TbAQLp3N?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Nexus%20Dashboard%20SSL%20Certificate%20Validation%20Vulnerability&vs_k=1)
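
What "server certificates are not validated" looks like at the TLS client API level, shown as an added example that is not Cisco's code and not part of the original post. It uses Python's standard ssl module; the function names are hypothetical, and the audit covers only the two validation settings relevant to this class of flaw.

```python
import socket
import ssl


def insecure_context():
    """The flaw class in the advisory: no chain check, no hostname check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, including a crafted one, is accepted
    return ctx


def chain_only_context():
    """Partial fix: the chain is verified, but a valid certificate for any name passes."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def verified_context(ca_file=None):
    """Chain and hostname validation; ca_file can hold a private CA bundle."""
    return ssl.create_default_context(cafile=ca_file)


def audit_context(ctx):
    """Return the validation gaps in a client-side SSLContext (empty list = none)."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("server certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    return findings


def connect(host, port, ctx, timeout=5.0):
    """Refuse to connect with a context that skips validation, then handshake."""
    gaps = audit_context(ctx)
    if gaps:
        raise ValueError("refusing TLS connection: " + "; ".join(gaps))
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket raises ssl.SSLCertVerificationError on a bad chain or name
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()
```

The chain-only case is the one most often missed in review: the handshake fails for self-signed certificates, so it looks fixed, yet a certificate issued for a different host is still accepted.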