Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA

Networking equipment maker Cisco has released security updates to address three high-severity vulnerabilities in its products that could be exploited to cause a denial-of-service (DoS) condition and take control of affected systems.

The first of the three flaws, CVE-2022-20783 (CVSS score: 7.5), affects Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software, and stems from a lack of proper input validation, allowing an unauthenticated, remote attacker to send specially crafted traffic to the devices.

“A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device,” the company noted in an advisory.

Credited with discovering and reporting the flaw is the U.S. National Security Agency (NSA). The issue has been addressed in Cisco TelePresence CE Software versions 9.15.10.8 and 10.11.2.2.

CVE-2022-20773 (CVSS score: 7.5), the second flaw to be patched, concerns a static SSH host key that’s present in Cisco Umbrella Virtual Appliance (VA) running a software version earlier than 3.3.2, potentially permitting an attacker to perform a man-in-the-middle (MitM) attack on an SSH connection and hijack the administrator credentials.
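A static host key shows up operationally as the same SSH host key fingerprint on more than one appliance. The following check is an added example, not code from Cisco or its advisory: it reads `ssh-keyscan`-format output gathered from your own appliances and reports any key presented by more than one host. The hostnames and key blobs are constructed, and `shared_host_keys` is a hypothetical helper name.

```python
import base64
import hashlib
from collections import defaultdict


def _blob(label: bytes) -> str:
    """Build a constructed (not real) base64 key blob for the sample below."""
    return base64.b64encode(b"constructed-host-key-" + label).decode()


# Constructed sample in ssh-keyscan output format: "<host> <keytype> <base64 key>".
# Hostnames and keys are invented for this example.
SAMPLE_KEYSCAN = "\n".join([
    "# va-01.example.net:22 SSH-2.0-OpenSSH_8.2",
    f"va-01.example.net ssh-ed25519 {_blob(b'image')}",
    f"va-02.example.net ssh-ed25519 {_blob(b'image')}",
    f"va-03.example.net ssh-ed25519 {_blob(b'unique')}",
    "va-04.example.net ssh-rsa not-valid-base64!",
])


def fingerprint(b64_key: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    raw = base64.b64decode(b64_key, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(keyscan_text: str) -> dict:
    """Map fingerprint -> sorted hosts, for keys presented by more than one host."""
    hosts_by_fp = defaultdict(set)
    for line in keyscan_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # skip banners, comments and malformed lines
        host, _keytype, b64_key = parts[:3]
        try:
            hosts_by_fp[fingerprint(b64_key)].add(host)
        except ValueError:
            continue  # undecodable key material: ignore rather than abort the scan
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}


if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_KEYSCAN).items():
        print(f"{fp} is presented by {len(hosts)} hosts: {', '.join(hosts)}")
```

Rerunning the check after upgrading shows whether the appliances now present distinct host keys.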

A third high-severity vulnerability is a case of privilege escalation in Cisco Virtualized Infrastructure Manager (CVE-2022-20732, CVSS score: 7.8) that allows an authenticated, local attacker to escalate privileges on devices. It’s been resolved in version 4.2.2 of the software.

“A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device,” the company said.

Also addressed by Cisco are 10 medium-severity bugs spanning its product portfolio, including Webex Meeting, Unified Communications Products, Umbrella Secure Web Gateway, and IOS XR Software.
