Cisco Released Security Updates – 8 September 2022

Cisco has released security updates to address several vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The released updates fix multiple vulnerabilities affecting Cisco devices that are running a vulnerable release of Cisco SD-WAN vManage Software, Cisco Catalyst 8000V Edge Software, Adaptive Security Virtual Appliance (ASAv), Secure Firewall Threat Defense Virtual (formerly FTDv), Cisco Webex App, and some Cisco Small Business RV Series Routers if the IPSec VPN Server feature is enabled.
The addressed vulnerabilities could allow attackers to perform several attacks, such as denial of service, bypassing security restrictions, phishing, or spoofing.

Samples of the addressed vulnerabilities:

  1. Cisco SD-WAN vManage Software Security Bypass (CVE-2022-20696):
    A remote attacker could bypass security restrictions due to the lack of protection mechanisms on the messaging server container ports.
    • CVSS: 7.5
    • Attack Vector: Adjacent Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Consequences: Bypass Security
  2. Data Plane Development Kit Denial of Service (CVE-2022-28199):
    This vulnerability, found in the NVIDIA Data Plane Development Kit, affects Cisco devices. If an error condition is observed on the device interface, the device may either reload or fail to receive traffic, resulting in a denial of service (DoS) condition.
    • CVSS: 7.7
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Consequences: Denial of Service

Vulnerabilities
  • CVE-2022-20696
  • CVE-2022-28199
  • CVE-2022-20863
  • CVE-2022-20923

Mitigations

Enterprises should deploy these patches as soon as their testing phase is completed.

https://tools.cisco.com/security/center/publicationListing.x
