var-202207-1553
Vulnerability from variot
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers. Cisco Nexus Dashboard is a single console of Cisco (Cisco). It can simplify the operation and management of the data center network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-1553", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "nexus dashboard", scope: "lt", trust: 1, vendor: "cisco", version: "2.2\\(1h\\)", }, { model: "nexus dashboard", scope: "gte", trust: 1, vendor: "cisco", version: "1.1", }, { model: "cisco nexus dashboard", scope: null, trust: 0.8, vendor: "シスコシステムズ", version: null, }, { model: "cisco nexus dashboard", scope: "eq", trust: 0.8, vendor: "シスコシステムズ", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-015664", }, { db: "NVD", id: "CVE-2022-20860", }, ], }, cve: "CVE-2022-20860", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "HIGH", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.2, id: "CVE-2022-20860", impactScore: 5.2, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, { attackComplexity: "High", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.4, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-20860", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-20860", trust: 1, value: "HIGH", }, { author: "ykramarz@cisco.com", id: "CVE-2022-20860", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-20860", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202207-2116", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-015664", }, { db: "CNNVD", id: "CNNVD-202207-2116", }, { db: "NVD", id: "CVE-2022-20860", }, { db: "NVD", id: "CVE-2022-20860", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers. Cisco Nexus Dashboard is a single console of Cisco (Cisco). It can simplify the operation and management of the data center network", sources: [ { db: "NVD", id: "CVE-2022-20860", }, { db: "JVNDB", id: "JVNDB-2022-015664", }, { db: "VULHUB", id: "VHN-405413", }, { db: "VULMON", id: "CVE-2022-20860", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-20860", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2022-015664", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202207-2116", trust: 0.7, }, { db: "CS-HELP", id: "SB2022072129", trust: 0.6, }, { db: "VULHUB", id: "VHN-405413", trust: 0.1, }, { db: "VULMON", id: "CVE-2022-20860", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-405413", }, { db: "VULMON", id: "CVE-2022-20860", }, { db: "JVNDB", id: "JVNDB-2022-015664", }, { db: "CNNVD", id: "CNNVD-202207-2116", }, { db: "NVD", id: "CVE-2022-20860", }, ], }, id: "VAR-202207-1553", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-405413", }, ], trust: 0.01, }, last_update_date: "2024-08-14T14:31:03.398000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-nd-tlsvld-TbAQLp3N", trust: 0.8, url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-tlsvld-TbAQLp3N", }, { title: "Cisco Nexus Dashboard Repair measures for trust management problem vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200872", }, { title: "Cisco: Cisco Nexus Dashboard SSL Certificate Validation Vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-nd-tlsvld-TbAQLp3N", }, ], sources: [ { db: "VULMON", id: "CVE-2022-20860", }, { db: "JVNDB", id: "JVNDB-2022-015664", }, { db: "CNNVD", id: "CNNVD-202207-2116", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-295", trust: 1.1, }, { problemtype: "Illegal certificate verification (CWE-295) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-405413", }, { db: "JVNDB", id: "JVNDB-2022-015664", }, { db: "NVD", id: "CVE-2022-20860", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-nd-tlsvld-tbaqlp3n", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-20860", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-20860/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022072129", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULHUB", id: "VHN-405413", }, { db: "VULMON", id: "CVE-2022-20860", }, { db: "JVNDB", id: "JVNDB-2022-015664", }, { db: "CNNVD", id: "CNNVD-202207-2116", }, { db: "NVD", id: "CVE-2022-20860", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-405413", }, { db: "VULMON", id: "CVE-2022-20860", }, { db: "JVNDB", id: "JVNDB-2022-015664", }, { db: "CNNVD", id: "CNNVD-202207-2116", }, { db: "NVD", id: "CVE-2022-20860", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-07-21T00:00:00", db: "VULHUB", id: "VHN-405413", }, { date: "2022-07-21T00:00:00", db: "VULMON", id: "CVE-2022-20860", }, { date: "2023-09-28T00:00:00", db: "JVNDB", id: "JVNDB-2022-015664", }, { date: "2022-07-20T00:00:00", db: "CNNVD", id: "CNNVD-202207-2116", }, { date: "2022-07-21T04:15:10.417000", db: "NVD", id: "CVE-2022-20860", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-07-27T00:00:00", db: "VULHUB", id: "VHN-405413", }, { date: "2022-07-21T00:00:00", db: "VULMON", id: "CVE-2022-20860", }, { date: "2023-09-28T05:30:00", db: "JVNDB", id: "JVNDB-2022-015664", }, { date: "2022-07-28T00:00:00", db: "CNNVD", id: "CNNVD-202207-2116", }, { date: "2023-11-07T03:43:08.823000", db: "NVD", id: "CVE-2022-20860", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202207-2116", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco Nexus Dashboard Certificate validation vulnerabilities in", sources: [ { db: "JVNDB", id: "JVNDB-2022-015664", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "trust management problem", sources: [ { db: "CNNVD", id: "CNNVD-202207-2116", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.