Security News > 2022 > June > Cisco warns of security holes in its security appliances
Cisco has alerted customers to four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances.
The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances.
This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far.
The 9.1-severity vuln, tracked as CVE-2022-20829, is in the packaging of Cisco Adaptive Security Device Manager software images and the validation of those images by Cisco Adaptive Security Appliance software.
Cisco only has software updates for ASA software releases 9.17 and earlier.
Cisco warned customers about a 6.5-severity flaw in the CLI parser of the Cisco FirePOWER Software for Adaptive Security Appliance FirePOWER module tracked as CVE-2022-20828.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/22/cisco_bug_bundle/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2022-20829 | Insufficient Verification of Data Authenticity vulnerability in Cisco products A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. | 7.2 |
| 2022-06-24 | CVE-2022-20828 | Unspecified vulnerability in Cisco ASA Firepower 6.3.0/6.5.0/6.7.0 A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. | 7.2 |