MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61

 | 

Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Qantas cuts executive bonuses by 15% after a July data breach

 | 

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

 | 

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

 | 

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

 | 

SVG files used in hidden malware campaign impersonating Colombian authorities

 | 

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

 | 

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

 | 

Severe Hikvision HikCentral product flaws: What You Need to Know

 | 

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

 | 

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Android droppers evolved into versatile tools to spread malware

 | 

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

 | 

Cloudflare blocked a record 11.5 Tbps DDoS attack

 | 

Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident

 | 

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

 | 

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

 | 

Crooks exploit Meta malvertising to target Android users with Brokewell

 | 

Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions

Pierluigi Paganini July 08, 2022

Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products.

Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway series and TelePresence Video Communication Server (VCS).

A remote attacker can trigger the flaw to overwrite files on the underlying operating system with root privileges.

The vulnerability impacts Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices.

“A vulnerability in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS could allow an authenticated, remote attacker with Administratorread-write privileges on the application to conduct absolute path traversal attacks on an affected device and overwrite files on the underlying operating system as a root user.” reads the advisory published by Cisco.

The root cause of the vulnerability is the insufficient input validation of user-supplied command arguments. Threat actors can trigger the flaw by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command.

The IT giant also addressed a Null Byte poisoning issue, tracked as CVE-2022-20813 (CVSS Score 9.0) in Expressway Series and TelePresence VCS.

“A vulnerability in the certificate validation of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.” reads the advisory.

The flaw is due to improper certificate validation. An attacker can trigger the vulnerability by using a man-in-the-middle technique to intercept the traffic between devices, and then using a crafted certificate to impersonate the endpoint. The attacker can view the intercepted traffic in clear text or manipulate it.

Both issues have been addressed with the release of Expressway series and TelePresence VCS release 14.0.7, but no workarounds that address these vulnerabilities are available.

The good news is that the IT giant is not aware of attacks in the wild exploiting these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISCO)

[adrotate banner=”5″]

[adrotate banner=”13″]

CISCO hacking news information security news TelePresence Video Communication Server

you might also like

Pierluigi Paganini September 07, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61
Read more
Pierluigi Paganini September 07, 2025
Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61

Breaking News / September 07, 2025

Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / September 07, 2025

Qantas cuts executive bonuses by 15% after a July data breach

Data Breach / September 06, 2025

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

Security / September 06, 2025

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

Hacking / September 05, 2025