• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cisco patches critical bugs in collaboration products

Cisco patches critical bugs in collaboration products

You are here: Home / General Cyber Security News / Cisco patches critical bugs in collaboration products
March 3, 2022

Cisco has patched two critical bugs that could allow attackers to write files and operate arbitrary code on its movie conferencing and collaboration merchandise.

Every bug influences the firm’s Cisco Expressway collection of collaboration servers and its TelePresence Online video Conversation Server (VCS).

The initially vulnerability, CVE-2022-20754, lets a remote attacker to compose files to the procedure. It lies in the products’ cluster databases API, which does not properly validate user input. This enables attackers to authenticate as an administrative person and then submit malicious input by way of a listing traversal attack. They could then generate their own files with root privileges, which includes overwriting current working method files.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The next flaw, CVE-2022-20755, lets an attacker to execute arbitrary code by exploiting the products’ web management interface. An attacker could log in as an admin and then craft destructive input that would let them run their own code as root.

These vulnerabilities, just about every of which has a 9. CVSS score, do not depend on just about every other, Cisco reported in its advisory. with buyers remaining advised to put in both equally patches to defend their methods.

Cisco Expressway is a series of products supporting collaboration with consumers outdoors of a company’s firewall. The method, which operates without having the require for a VPN consumer, supports video clip, voice, and fast messaging. End users can also see just about every others’ presence details.

The TelePresence VCS is a server for running video clip conferencing periods. It will work as an appliance on a customer’s premises or in the cloud, and supports conversation amongst diverse movie conferencing platforms.

TelePresence VCS has not been offered given that December 2020. Cisco will quit issuing software upkeep patches for this merchandise on December 29 this 12 months and will halt supplying support totally at the close of 2023.


Some pieces of this post are sourced from:
www.itpro.co.uk

Previous Post: «Cyber Security News Most Disclosed ICS Vulnerabilities are Low Complexity
Next Post: HHS Issues Threat Warning to US Healthcare Sector Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
  • Top 10 Best Practices for Effective Data Protection
  • Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
  • Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
  • [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
  • Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
  • Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
  • Pen Testing for Compliance Only? It’s Time to Change Your Approach
  • 5 BCDR Essentials for Effective Ransomware Defense
  • Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Copyright © TheCyberSecurity.News, All Rights Reserved.