The Cyber Security News

Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products

March 3, 2022

Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code.

The two flaws – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.) – relate to an arbitrary file write and a command injection flaw in the API and web-based administration interfaces of the two products that could have serious impacts on affected systems.

The company said both issues stem from insufficient input validation of user-supplied command arguments, a weakness that could be weaponized by an authenticated, remote attacker to carry out directory traversal attacks, overwrite arbitrary files, and run malicious code on the underlying operating system as the root user.

“These vulnerabilities were found during internal security testing by Jason Crowder of the Cisco Advanced Security Initiatives Group (ASIG),” the company said in its advisory published Wednesday.

Also addressed by Cisco are three other flaws in StarOS, Cisco Identity Services Engine RADIUS Service, and Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure software:

  • CVE-2022-20665 (CVSS score: 6.) – A command injection vulnerability in Cisco StarOS that could allow an attacker with administrative credentials to execute arbitrary code with root privileges
  • CVE-2022-20756 (CVSS score: 8.6) – A denial-of-service (DoS) vulnerability affecting the RADIUS component of Cisco Identity Services Engine (ISE)
  • CVE-2022-20762 (CVSS score: 7.8) – A privilege escalation flaw in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure (SMI) software that could allow an authenticated, local attacker to escalate to root privileges

Cisco also noted that it found no evidence of malicious exploitation of the vulnerabilities, adding they were either found during internal security testing or during the resolution of a Cisco Technical Assistance Center (TAC) support case.

Nevertheless, customers are urged to update to the latest versions as soon as possible to mitigate any potential in-the-wild attacks.

Some parts of this posting are sourced from:
thehackernews.com
