Cisco has fixed various flaws in the Cisco Nexus Dashboard data center management solution in a recent security patch that can let remote attackers execute commands and perform actions with root or Administrator privileges.

There are many vulnerabilities in Cisco Nexus Dashboard that could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.

“A successful exploit could allow the attacker to perform actions with Administrator privileges on an affected device,” Cisco said.

Affected Versions

The flaw only affects Cisco Nexus Dashboard 1.1 and later. Cisco has addressed the flaws in the 2.2(1e) security update published today and advises customers to migrate to a fixed release as soon as possible.

The flaws are not dependent on each other. One flaw being exploited does not give access to another flaw. In addition, software that is affected by one of the flaws may not be affected by all others.

Michael J Davenport of Cisco’s Advanced Security Initiatives Group (ASIG) found these vulnerabilities during internal security testing.

Cisco Product Security Incident Response Team (PSIRT) has not identified any public exploits or any exploitation of these flaws in the wild at this time.