Lucene search

CiscoCISCO-SA-NDRU-PESC-KZ2PQLZH

HistoryApr 03, 2024 - 4:00 p.m.

Cisco Nexus Dashboard Privilege Escalation Vulnerability

2024-04-0316:00:00

tools.cisco.com

cisco nexus dashboard

privilege escalation

vulnerability

software updates

local attacker

access token

filesystem

containers

security advisory

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.

This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH”]

Affected configurations

Vulners

Node

cisconexus_dashboardMatchany

CPENameOperatorVersion
cisco nexus dashboardeqany
cisco nexus dashboardeqany

CPE	Name	Operator	Version
	cisco nexus dashboard	eq	any
	cisco nexus dashboard	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH