cisco-sa-nd-tlsvld-TbAQLp3N: Cisco Nexus Dashboard SSL Certificate Validation Vulnerability
First published: Wed Jul 20 2022(Updated: )
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-tlsvld-TbAQLp3N
Credit: by Logan Sanderson the Cisco Advanced Security Initiatives Group
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Nexus Dashboard | >=1.1=2.0=2.1<=2.2<2.2(1h) | 2.2(1h) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is Cisco Nexus Dashboard SSL Certificate Validation Vulnerability?
Cisco Nexus Dashboard is vulnerable to SSL certificate validation issues, allowing unauthenticated remote attackers to manipulate communications or access sensitive information.
What is the severity of Cisco Nexus Dashboard SSL Certificate Validation Vulnerability?
The severity of the Cisco Nexus Dashboard SSL Certificate Validation Vulnerability is high with a CVSS score of 7.4.
Which versions of Cisco Nexus Dashboard are affected by this vulnerability?
Cisco Nexus Dashboard versions 1.1, 2.0, 2.1, up to and including 2.2(1h) are affected by this vulnerability.
How can an attacker exploit this vulnerability?
An unauthenticated remote attacker can exploit this vulnerability by altering communications with associated controllers or viewing sensitive information.
Is there a fix available for Cisco Nexus Dashboard SSL Certificate Validation Vulnerability?
Yes, Cisco has provided a remedy for this vulnerability by releasing version 2.2(1h) and recommends upgrading to a fixed software release.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/tags
- agent/description
- agent/event
- vendor/cisco
- canonical/cisco nexus dashboard
- version/cisco nexus dashboard/1.1
- version/cisco nexus dashboard/2.0
- version/cisco nexus dashboard/2.1
- version/cisco nexus dashboard/2.2