Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway series and TelePresence Video Communication Server (VCS).
A remote attacker can trigger the flaw to overwrite files on the underlying operating system with root privileges.
The vulnerability impacts Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices.
“A vulnerability in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS could allow an authenticated, remote attacker with Administratorread-write privileges on the application to conduct absolute path traversal attacks on an affected device and overwrite files on the underlying operating system as a root user.” reads the advisory published by Cisco.
The root cause of the vulnerability is the insufficient input validation of user-supplied command arguments. Threat actors can trigger the flaw by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command.
The IT giant also addressed a Null Byte poisoning issue, tracked as CVE-2022-20813 (CVSS Score 9.0) in Expressway Series and TelePresence VCS.
“A vulnerability in the certificate validation of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.” reads the advisory.
The flaw is due to improper certificate validation. An attacker can trigger the vulnerability by using a man-in-the-middle technique to intercept the traffic between devices, and then using a crafted certificate to impersonate the endpoint. The attacker can view the intercepted traffic in clear text or manipulate it.
Both issues have been addressed with the release of Expressway series and TelePresence VCS release 14.0.7, but no workarounds that address these vulnerabilities are available.
The good news is that the IT giant is not aware of attacks in the wild exploiting these vulnerabilities.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, CISCO)
[adrotate banner=”5″]
[adrotate banner=”13″]
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
This website uses cookies.