Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA
2022-04-21 22:15

Networking equipment maker Cisco has released security updates to address three high-severity vulnerabilities in its products that could be exploited to cause a denial-of-service condition and take control of affected systems.

The first of the three flaws, CVE-2022-20783, affects Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software, and stems from a lack of proper input validation, allowing an unauthenticated, remote attacker to send specially crafted traffic to the devices.

The issue has been addressed in Cisco TelePresence CE Software versions 9.15.10.8 and 10.11.2.2.

CVE-2022-20773, the second flaw to be patched, concerns a static SSH host key that's present in Cisco Umbrella Virtual Appliance running a software version earlier than 3.3.2, potentially permitting an attacker to perform a man-in-the-middle attack on an SSH connection and hijack the administrator credentials.

A third high-severity vulnerability is a case of privilege escalation in Cisco Virtualized Infrastructure Manager that allows an authenticated, local attacker to escalate privileges on devices.

"A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device," the company said.


News URL

https://thehackernews.com/2022/04/cisco-releases-security-patches-for.html

Related Vulnerability

DATE: 2022-04-21
CVE: CVE-2022-20783
VULNERABILITY TITLE: Improper Input Validation vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint
A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
RISK: 7.5 (network, low complexity; cisco, CWE-20)

DATE: 2022-04-21
CVE: CVE-2022-20773
VULNERABILITY TITLE: Use of Hard-coded Credentials vulnerability in Cisco Umbrella
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA.
RISK: 8.1 (network, high complexity; cisco, CWE-798)

Related vendor

VENDOR  #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Cisco   2046        21   1773    1669  288       3751