• Tech News
    • Games
    • Pc & Laptop
    • Mobile Tech
    • Ar & Vr
    • Security
  • Startup
    • Fintech
  • Reviews
  • How To
What's Hot

Elementor #32036

January 24, 2025

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

April 18, 2024

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

April 16, 2024
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
    1. Games
    2. Pc & Laptop
    3. Mobile Tech
    4. Ar & Vr
    5. Security
    6. View All

    Bring Elden Ring to the table with the upcoming board game adaptation

    September 19, 2022

    ONI: Road to be the Mightiest Oni reveals its opening movie

    September 19, 2022

    GTA 6 images and footage allegedly leak

    September 19, 2022

    Wild west adventure Card Cowboy turns cards into weird and silly stories

    September 18, 2022

    7 Reasons Why You Should Study PHP Programming Language

    October 19, 2022

    Logitech MX Master 3S and MX Keys Combo for Business Gen 2 Review

    October 9, 2022

    Lenovo ThinkPad X1 Carbon Gen10 Review

    September 18, 2022

    Lenovo IdeaPad 5i Chromebook, 16-inch+120Hz

    September 3, 2022

    It’s 2023 and Spotify Still Can’t Say When AirPlay 2 Support Will Arrive

    April 4, 2023

    YouTube adds very convenient iPhone homescreen widgets

    October 15, 2022

    Google finishes iOS 16 Lock Screen widgets rollout w/ Maps

    October 14, 2022

    Is Apple actually turning iMessage into AIM or is this sketchy redesign rumor for laughs?

    October 14, 2022

    MeetKai launches AI-powered metaverse, starting with a billboard in Times Square

    August 10, 2022

    The DeanBeat: RP1 simulates putting 4,000 people together in a single metaverse plaza

    August 10, 2022

    Improving the customer experience with virtual and augmented reality

    August 10, 2022

    Why the metaverse won’t fall to Clubhouse’s fate

    August 10, 2022

    How Apple privacy changes have forced social media marketing to evolve

    October 16, 2022

    Microsoft Patch Tuesday October Fixed 85 Vulnerabilities – Latest Hacking News

    October 16, 2022

    Decentralization and KYC compliance: Critical concepts in sovereign policy

    October 15, 2022

    What Thoma Bravo’s latest acquisition reveals about identity management

    October 14, 2022

    What is a Service Robot? The vision of an intelligent service application is possible.

    November 7, 2022

    Tom Brady just chucked another Microsoft Surface tablet

    September 18, 2022

    The best AIO coolers for your PC in 2022

    September 18, 2022

    YC’s Michael Seibel clarifies some misconceptions about the accelerator • DailyTech

    September 18, 2022
  • Startup
    • Fintech
  • Reviews
  • How To
Behind The ScreenBehind The Screen
Home»Security»Cisco Patched A number of Safety Vulnerabilities In Nexus Dashboard
Security

Cisco Patched A number of Safety Vulnerabilities In Nexus Dashboard

August 1, 2022Updated:August 1, 2022No Comments2 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Latest Hacking News
Share
Facebook Twitter LinkedIn Pinterest Email

Cisco has addressed quite a few vulnerabilities in its Nexus Dashboard. Exploiting these vulnerabilities might enable attackers to conduct CSRF assaults or execute arbitrary code.

Cisco Nexus Dashboard Vulnerabilities

Elaborating on the safety points in a current advisory, Cisco has confirmed patching three completely different vulnerabilities within the Nexus Dashboard.

Cisco’s Nexus Dashboard is a devoted cloud community dashboard enabling customers to watch and handle the whole information middle infrastructure operations. Sadly, these essential functionalities additionally imply that any safety flaws affecting this software would immediately threat the safety of the related community.

Describing the influence of those vulnerabilities, the advisory reads,

Cisco Nexus Dashboard is deployed as a cluster, connecting every service node to 2 networks:
-Information community (fabric0, fabric1)
-Administration community (mgmt0, mgmt1)
The scope of those exploits might be restricted to the community interfaces which have publicity.

Particularly, Cisco has addressed the next three vulnerabilities within the software.

  • CVE-2022-20857 (essential severity; CVSS 9.8): inadequate entry controls in a selected API allowed an unauthenticated, distant adversary to execute arbitrary codes on the goal system. Exploiting the flaw merely required the attacker to ship maliciously crafted HTTP requests to the API.
  • CVE-2022-20861 (high-severity; CVSS 8.8.): poor CSRF protections within the Nexus Dashboard internet UI allowed an unauthenticated, distant attacker to conduct cross-site request forgery (CSRF) assaults. An adversary might persuade the goal authenticated person to click on on a maliciously crafted hyperlink to set off the bug. As soon as achieved, the flaw would supply the attacker admin entry to the system, empowering the attacker to carry out any meant actions.
  • CVE-2022-20858 (high-severity; CVSS 8.2): the service managing container photographs has poor entry controls. Therefore, an unauthenticated, distant adversary might set off the flaw by opening a TCP connection to the susceptible gadget. As soon as achieved, the adversary might then add malicious container photographs or obtain the prevailing container photographs.
See also  What’s lurking in the shadows? How to manage the security risks of shadow IT

Patches Deployed

Cisco has addressed all three vulnerabilities with the Nexus Dashboard releases 1.1, 2.0, 2.1, and a couple of.2. Moreover, the distributors confirmed no viable workarounds for the failings, urging customers to replace their techniques on the earliest to remain protected.

Source link

Cisco Dashboard multiple Nexus Patched security vulnerabilities
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Bitdefender Total Security review

March 6, 2024

Avast Premium Security review

March 6, 2024

Eset Home Security Ultimate review

January 23, 2024

AVG Internet Security review

October 31, 2023
Add A Comment

Comments are closed.

Editors Picks

Lionsgate removed more than 30 F-bombs from the movie ‘Fall’ using deepfake technology

August 11, 2022

Rockstar hits former GTA dev with copyright strikes on prototype videos

August 22, 2022

Ubisoft cancels a number of video games together with Ghost Recon Frontline and Splinter Cell VR

July 24, 2022

Apple Updates Siri Remote Firmware

July 8, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Elementor #32036

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.uk - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.