- 146/2022
- Critical
Cisco has released security updates to address several vulnerabilities in multiple Cisco products such as Cisco Smart Software Manager, Cisco Unified Communications Products, Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS).
Analysis
The addressed vulnerabilities could allow the remote attacker to conduct several attacks on the affected systems, such as cross-site scripting, directory traversal, man-in-the middle, denial of service, security bypass, and information disclosure.
Samples of the addressed vulnerabilities:
- Cisco Expressway Series and TelePresence Video Communication Server Directory Traversal (CVE-2022-20812):
- CVSS: 9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Obtain Information
- Cisco Smart Software Manager On-Prem Denial of Service (CVE-2022-20808):
- CVSS: 7.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2022-20812
- CVE-2022-20813
- CVE-2022-20808
- CVE-2022-20752
- CVE-2022-20859
- CVE-2022-20768
- CVE-2022-20815
- CVE-2022-20800
- CVE-2022-20862
- CVE-2022-20791
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
https://tools.cisco.com/security/center/publicationListing.x