Security News > 2022 > September > Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products
Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit late last month.
Aside from CVE-2022-28199, Cisco has also resolved a vulnerability in its Cisco SD-WAN vManage Software that could "Allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system."
Successful exploitation of the flaw could permit the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload, Cisco said.
A third flaw remediated by Cisco is a vulnerability in the messaging interface of Cisco Webex App, which could enable an unauthenticated, remote attacker to modify links or other content and conduct phishing attacks.
Cisco credited Rex, Bruce, and Zachery from Binance Red Team for discovering and reporting the vulnerability.
"Cisco has not released and will not release software updates to address the vulnerability," it said, encouraging users to "Migrate to Cisco Small Business RV132W, RV160, or RV160W Routers."
News URL
https://thehackernews.com/2022/09/cisco-releases-security-patches-for-new.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-01 | CVE-2022-28199 | Improper Input Validation vulnerability in Nvidia Data Plane Development KIT 20.111.0.04 NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. | 0.0 |