The vulnerability of the TLS and SSL protocols used by Cisco Nexus Dashboard for analyzing and automating cloud network operations stems from errors in the certificate validation process. This allows attackers to access confidential information or alter data.

🗓️ 02 Aug 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Certificate validation errors in Cisco Nexus Dashboard allow attackers to access data or modify it with forged certificates.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-20860	20 Jul 202223:00	–	attackerkb
Circl	CVE-2022-20860	21 Jul 202207:12	–	circl
Cisco	Cisco Nexus Dashboard SSL Certificate Validation Vulnerability	20 Jul 202216:00	–	cisco
CNNVD	Cisco Nexus Dashboard 信任管理问题漏洞	20 Jul 202200:00	–	cnnvd
CVE	CVE-2022-20860	21 Jul 202203:45	–	cve
Cvelist	CVE-2022-20860 Cisco Nexus Dashboard SSL Certificate Validation Vulnerability	21 Jul 202203:45	–	cvelist
EUVD	EUVD-2022-26110	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Cisco Nexus Dashboard	21 Jul 202200:00	–	ncsc
NVD	CVE-2022-20860	21 Jul 202204:15	–	nvd
Prion	Design/Logic Flaw	21 Jul 202204:15	–	prion

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-20860
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-tlsvld-TbAQLp3N
web	www.web.nvd.nist.gov/view/vuln/detail

02 Aug 2022 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 27.1

CVSS 37.4

EPSS0.00251

certificate validation forged certificates Cisco Nexus Dashboard data confidentiality data modification