← Zuruck zu CVEs
CVE-2022-20909
MEDIUM6.0
Beschreibung
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.
CVE Details
CVSS v3.1 Bewertung6.0
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht7/22/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
cisco:nexus_dashboard
Schwachen (CWE)
CWE-367CWE-20
Referenzen
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.