Cisco Security Advisory - Cisco Nexus Dashboard SSL Certificate Validation Vulnerability

Started by Netwörkheäd, July 21, 2022, 12:13:52 PM

Netwörkheäd

Cisco Nexus Dashboard SSL Certificate Validation Vulnerability

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information.

This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-tlsvld-TbAQLp3N

Security Impact Rating: High
CVE: CVE-2022-20860
Source: Cisco Nexus Dashboard SSL Certificate Validation Vulnerability
Let's not argue. Let's network!
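
The advisory attributes the issue to a TLS client that does not validate the server certificate. The sketch below is an added example, not part of the original post and not Cisco's code. It puts that weak client setting beside the validating one using Python's standard `ssl` module, with a small check that flags the weak form. The function names are hypothetical.

```python
import ssl


def unverified_client_context():
    """Weak pattern: the client accepts any certificate the peer presents."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname has to be cleared first, otherwise CERT_NONE is rejected.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_client_context(ca_file=None):
    """Hardened pattern: validate the chain and match the server name.

    ca_file is an optional PEM bundle (for example a private CA that issued
    the controller certificates); None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    # create_default_context() already sets both; stated explicitly here so
    # the intent survives later refactoring.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_context(ctx):
    """Return findings for a client context that would accept a forged cert."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings


if __name__ == "__main__":
    for name, ctx in (("unverified", unverified_client_context()),
                      ("verified", verified_client_context())):
        print(name, audit_context(ctx) or "ok")
```

With the first context, an on-path party presenting any certificate completes the handshake. With the second, the handshake fails unless the certificate chains to a trusted CA and names the host being contacted.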