CVE-2022-20908 — Vulnetix

CVE-2022-20908 PUBLISHED CVSS 6 MEDIUM

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.

EPSS 0.03% · 7.8th percentile

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.03%

7.8th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Nexus Dashboard	*
cisco	nexus_dashboard	2.0

Exploit Intelligence

20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities (circl)

Timeline

Jul 21, 2022 EPSS Score
Jul 21, 2022 CVE Published
Jul 30, 2022 EPSS Score
Sep 6, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 9, 2022 EPSS Score
Jan 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 12, 2023 EPSS Score
Jun 14, 2023 EPSS Score
Jul 31, 2023 EPSS Score
Sep 16, 2023 EPSS Score

References

20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-20908 advisory

Open in Interactive Console →