
Rewterz Threat Advisory – CVE-2022-20650 – Cisco NX-OS Software NX-API Vulnerability

Severity

High

Analysis Summary

CVE-2022-20650

Cisco NX-OS Software could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability in the NX-API feature. By sending a specially crafted HTTP POST request to the NX-API, an attacker could exploit this vulnerability to execute arbitrary commands with root privileges.

Impact

  • Command Execution

Indicators of Compromise

CVE

  • CVE-2022-20650

Affected Vendors

Cisco

Affected Products

  • Cisco NX-OS
  • Cisco Nexus 3000 Series Switches
  • Cisco Nexus 9000 Series Switches
  • Cisco Nexus 5500 Platform Switches

Remediation

Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2