6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.
This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.
[
{
"vendor": "Cisco",
"product": "Cisco Nexus Dashboard",
"versions": [
{
"version": "1.1(0c)",
"status": "affected"
},
{
"version": "1.1(0d)",
"status": "affected"
},
{
"version": "1.1(2h)",
"status": "affected"
},
{
"version": "1.1(2i)",
"status": "affected"
},
{
"version": "1.1(3c)",
"status": "affected"
},
{
"version": "1.1(3d)",
"status": "affected"
},
{
"version": "1.1(3e)",
"status": "affected"
},
{
"version": "1.1(3f)",
"status": "affected"
},
{
"version": "2.0(1b)",
"status": "affected"
},
{
"version": "2.0(1d)",
"status": "affected"
},
{
"version": "2.0(2g)",
"status": "affected"
},
{
"version": "2.0(2h)",
"status": "affected"
},
{
"version": "2.1(1d)",
"status": "affected"
},
{
"version": "2.1(1e)",
"status": "affected"
},
{
"version": "2.1(2d)",
"status": "affected"
},
{
"version": "2.1(2f)",
"status": "affected"
},
{
"version": "2.2(1e)",
"status": "affected"
},
{
"version": "2.2(1h)",
"status": "affected"
},
{
"version": "2.2(2d)",
"status": "affected"
},
{
"version": "2.3(1c)",
"status": "affected"
},
{
"version": "2.3(2b)",
"status": "affected"
},
{
"version": "2.3(2c)",
"status": "affected"
},
{
"version": "2.3(2d)",
"status": "affected"
},
{
"version": "2.3(2e)",
"status": "affected"
},
{
"version": "3.0(1f)",
"status": "affected"
},
{
"version": "3.0(1i)",
"status": "affected"
}
]
}
]
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%