CVE-2022-20906— Cisco Nexus Dashboard 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2022-20906の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
ソース: NVD (National Vulnerability Database)
脆弱性説明
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
检查时间与使用时间(TOCTOU)的竞争条件
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Cisco Nexus Dashboard 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Cisco Nexus Dashboard是美国思科(Cisco)公司的一个单一控制台。能够简化数据中心网络的运营和管理。 Cisco Nexus Dashboard 存在安全漏洞,经过身份验证的本地攻击者可以提升受影响设备的权限。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Cisco | Cisco Nexus Dashboard | n/a | - |
II. CVE-2022-20906の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2022-20906のインテリジェンス情報
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5vendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2022-20906
Same Patch Batch · Cisco · 2022-07-21 · 45 CVEs total
| CVE-2022-20857 | 9.8 CRITICAL | Cisco Nexus Dashboard Unauthorized Access Vulnerabilities |
| CVE-2022-20858 | 9.8 CRITICAL | Cisco Nexus Dashboard Unauthorized Access Vulnerabilities |
| CVE-2022-20861 | 9.8 CRITICAL | Cisco Nexus Dashboard Unauthorized Access Vulnerabilities |
| CVE-2022-20860 | 7.4 HIGH | Cisco Nexus Dashboard SSL Certificate Validation Vulnerability |
| CVE-2022-20916 | 6.1 MEDIUM | Cisco IoT Control Center Cross-Site Scripting Vulnerability |
| CVE-2022-20907 | 6.0 MEDIUM | Cisco Nexus Dashboard Privilege Escalation Vulnerabilities |
| CVE-2022-20909 | 6.0 MEDIUM | Cisco Nexus Dashboard Privilege Escalation Vulnerabilities |
| CVE-2022-20908 | 6.0 MEDIUM | Cisco Nexus Dashboard Privilege Escalation Vulnerabilities |
| CVE-2022-20913 | 4.9 MEDIUM | Cisco Nexus Dashboard Arbitrary File Write Vulnerability |
| CVE-2022-20912 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
| CVE-2022-20876 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
| CVE-2022-20875 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
| CVE-2022-20902 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
| CVE-2022-20901 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
| CVE-2022-20900 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
| CVE-2022-20899 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
| CVE-2022-20898 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
| CVE-2022-20897 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
| CVE-2022-20896 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
| CVE-2022-20903 | 4.7 MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution an |
Showing 20 of 45 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Cisco Nexus Dashboard
- CVE-2026-20174
Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerab - CVE-2026-20042
Cisco Nexus Dashboard Configuration REST API Unauthorized Ac - CVE-2026-20041
Cisco Nexus Dashboard Server Side Request Forgery Vulnerabil - CVE-2025-20348
Cisco Nexus Dashboard Unauthorized REST API Vulnerability - CVE-2025-20344
Cisco Nexus Dashboard Path Traversal Vulnerability
同じベンダー: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
同じ弱点: CWE-367
- CVE-2026-42344
FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress al - CVE-2026-44694
n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API clien - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2026-34354
Akamai Guardicore Platform Agent 安全漏洞 - CVE-2026-41002
VMware Spring Cloud Config 安全漏洞
V. CVE-2022-20906へのコメント
まだコメントはありません