Cisco Released Security Updates – 08 October 2022

Cisco has released security updates to address several vulnerabilities in multiple Cisco products.

Exploitation of the addressed vulnerabilities could allow an attacker to fully compromise the Cisco NFVIS system and cause a denial of service.

Samples of the addressed vulnerabilities:

1. Cisco Enterprise NFV Infrastructure Software (NFVIS) code execution (CVE-2022-20929):

• CVSS: 7.8

• Attack Vector: Local

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: Required

• Consequences: Gain Access

2. Cisco Expressway Series and Cisco TelePresence Video Communication Server cross-site request forgery (CVE-2022-20853):

• CVSS: 7.4

• Attack Vector: Network

• Attack Complexity: High

• Privileges Required: None

• User Interaction: None

• Consequences: Gain Access

Vulnerabilities
  • CVE-2022-20814
  • CVE-2022-20853
  • CVE-2022-20929
  • CVE-2021-27853
  • CVE-2021-27854
  • CVE-2021-27861
  • CVE-2021-27862
  • CVE-2022-20952
  • CVE-2022-20917
  • CVE-2022-20939
  • CVE-2022-20948
  • CVE-2022-20686
  • CVE-2022-20687
  • CVE-2022-20688
  • CVE-2022-20689
  • CVE-2022-20690
  • CVE-2022-20691
  • CVE-2022-20766
  • CVE-2022-20793
  • CVE-2022-20931
  • CVE-2022-20871
Mitigations

The enterprise should deploy these updates as soon as the testing phase is completed: https://tools.cisco.com/security/center/publicationListing.x
