Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month.
Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK’s network stack, enabling a remote adversary to trigger a denial-of-service (DoS) condition and cause an impact on data integrity and confidentiality.
“If an error condition is observed on the device interface, the device may either reload or fail to receive traffic, resulting in a denial-of-service (DoS) condition,” Cisco said in a notice published on September 7.
DPDK refers to a set of libraries and optimized network interface card (NIC) drivers for fast packet processing, offering a framework and common API for high-speed networking applications.
Cisco said it investigated its product lineup and determined the following products and services to be affected by the bug, prompting the networking equipment maker to release software updates –
- Cisco Catalyst 8000V Edge Software
- Adaptive Security Virtual Appliance (ASAv), and
- Secure Firewall Threat Defense Virtual (formerly FTDv)
Apart from CVE-2022-28199, Cisco has also fixed a vulnerability in its Cisco SD-WAN vManage Software that could “allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system.”
The company blamed the shortcoming – assigned the identifier CVE-2022-20696 (CVSS score: 7.5) – on the absence of “sufficient protection mechanisms” in the messaging server container ports. It credited Orange Business for reporting the vulnerability.
Successful exploitation of the flaw could permit the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload, Cisco said.
A third flaw remediated by Cisco is a vulnerability in the messaging interface of Cisco Webex App (CVE-2022-20863, CVSS score: 4.3), which could enable an unauthenticated, remote attacker to modify links or other content and conduct phishing attacks.
“This vulnerability exists because the affected software does not properly handle character rendering,” it said. “An attacker could exploit this vulnerability by sending messages within the application interface.”
Cisco credited Rex, Bruce, and Zachery from Binance Red Team for discovering and reporting the vulnerability.
Lastly, it also disclosed details of an authentication bypass bug (CVE-2022-20923, CVSS score: 4.) affecting Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, which it said will not be fixed owing to the products reaching end-of-life (EOL).
“Cisco has not released and will not release software updates to address the vulnerability,” it noted, encouraging users to “migrate to Cisco Small Business RV132W, RV160, or RV160W Routers.”
Some parts of this article are sourced from:
thehackernews.com