Auto-merge PR#6596

2025-07-30 18:04:30 +00:00 · 2022-07-21 23:20:15 -04:00 · 2022-07-21 23:20:15 -04:00 · 74e01fa443
commit 74e01fa443
parent 182907355d dd70e57b31
1 changed files with 78 additions and 7 deletions
--- a/2022/20xxx/CVE-2022-20908.json
+++ b/2022/20xxx/CVE-2022-20908.json
@ -1,18 +1,89 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2022-07-20T23:00:00",
        "ID": "CVE-2022-20908",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Nexus Dashboard Privilege Escalation Vulnerabilities"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Nexus Dashboard ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.\r These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.\r "
            }
        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "6.0",
+            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-367"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20220720 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-ndb-mprvesc-EMhDgXe5",
+        "defect": [
+            [
+                "CSCwa75446",
+                "CSCwa93561",
+                "CSCwa93569",
+                "CSCwa93570"
+            ]
+        ],
+        "discovery": "INTERNAL"
    }
-}
+}