The Cyber Security News

Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products

March 3, 2022

Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code.

The two flaws – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.) – relate to an arbitrary file write and a command injection flaw in the API and web-based management interfaces of the two products that could have serious impacts on affected systems.

The company said both issues stem from insufficient input validation of user-supplied command arguments, a weakness that could be weaponized by an authenticated, remote attacker to carry out directory traversal attacks, overwrite arbitrary files, and run malicious code on the underlying operating system as the root user.

“These vulnerabilities were identified during internal security testing by Jason Crowder of the Cisco Advanced Security Initiatives Group (ASIG),” the company said in its advisory published Wednesday.

Also addressed by Cisco are three other flaws in StarOS, Cisco Identity Services Engine RADIUS Service, and Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure software –

  • CVE-2022-20665 (CVSS score: 6.) – A command injection vulnerability in Cisco StarOS that could allow an attacker with administrative credentials to execute arbitrary code with root privileges
  • CVE-2022-20756 (CVSS score: 8.6) – A denial-of-service (DoS) vulnerability affecting the RADIUS feature of Cisco Identity Services Engine (ISE)
  • CVE-2022-20762 (CVSS score: 7.8) – A privilege escalation flaw in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure (SMI) software that could allow an authenticated, local attacker to escalate to root privileges

Cisco also noted that it found no evidence of malicious exploitation of the vulnerabilities, adding they were either found during internal security testing or during the resolution of a Cisco Technical Assistance Center (TAC) support case.

Nevertheless, customers are urged to update to the latest versions as soon as possible to mitigate any potential in-the-wild attacks.

Some parts of this posting are sourced from:
thehackernews.com
