var-202207-1553
Vulnerability from variot

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers. Cisco Nexus Dashboard is a single console of Cisco (Cisco). It can simplify the operation and management of the data center network

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202207-1553",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "nexus dashboard",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "2.2\\(1h\\)",
         },
         {
            model: "nexus dashboard",
            scope: "gte",
            trust: 1,
            vendor: "cisco",
            version: "1.1",
         },
         {
            model: "cisco nexus dashboard",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "cisco nexus dashboard",
            scope: "eq",
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
         {
            db: "NVD",
            id: "CVE-2022-20860",
         },
      ],
   },
   cve: "CVE-2022-20860",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  id: "CVE-2022-20860",
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.4,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-20860",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-20860",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2022-20860",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-20860",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202207-2116",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-2116",
         },
         {
            db: "NVD",
            id: "CVE-2022-20860",
         },
         {
            db: "NVD",
            id: "CVE-2022-20860",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers. Cisco Nexus Dashboard is a single console of Cisco (Cisco). It can simplify the operation and management of the data center network",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20860",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
         {
            db: "VULHUB",
            id: "VHN-405413",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20860",
         },
      ],
      trust: 1.8,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-20860",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015664",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-2116",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2022072129",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-405413",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-20860",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-405413",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20860",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-2116",
         },
         {
            db: "NVD",
            id: "CVE-2022-20860",
         },
      ],
   },
   id: "VAR-202207-1553",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-405413",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-08-14T14:31:03.398000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-nd-tlsvld-TbAQLp3N",
            trust: 0.8,
            url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-tlsvld-TbAQLp3N",
         },
         {
            title: "Cisco Nexus Dashboard Repair measures for trust management problem vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200872",
         },
         {
            title: "Cisco: Cisco Nexus Dashboard SSL Certificate Validation Vulnerability",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-nd-tlsvld-TbAQLp3N",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-20860",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-2116",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-295",
            trust: 1.1,
         },
         {
            problemtype: "Illegal certificate verification (CWE-295) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-405413",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
         {
            db: "NVD",
            id: "CVE-2022-20860",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-nd-tlsvld-tbaqlp3n",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20860",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-20860/",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022072129",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-405413",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20860",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-2116",
         },
         {
            db: "NVD",
            id: "CVE-2022-20860",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-405413",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20860",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-2116",
         },
         {
            db: "NVD",
            id: "CVE-2022-20860",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-21T00:00:00",
            db: "VULHUB",
            id: "VHN-405413",
         },
         {
            date: "2022-07-21T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20860",
         },
         {
            date: "2023-09-28T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
         {
            date: "2022-07-20T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-2116",
         },
         {
            date: "2022-07-21T04:15:10.417000",
            db: "NVD",
            id: "CVE-2022-20860",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-27T00:00:00",
            db: "VULHUB",
            id: "VHN-405413",
         },
         {
            date: "2022-07-21T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20860",
         },
         {
            date: "2023-09-28T05:30:00",
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
         {
            date: "2022-07-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-2116",
         },
         {
            date: "2023-11-07T03:43:08.823000",
            db: "NVD",
            id: "CVE-2022-20860",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-2116",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cisco Nexus Dashboard  Certificate validation vulnerabilities in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015664",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "trust management problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-2116",
         },
      ],
      trust: 0.6,
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.