Cisco Released Security Updates

By /
  • 153/2022
  • Critical

Cisco has released a security update to fix vulnerabilities across multiple products. The remote attacker could exploit these vulnerabilities to gain access, obtain information, and cause a denial of service.

The vulnerabilities’ severities could allow the remote attacker to execute arbitrary code, read or upload container image files, and perform a cross-site request forgery attack. The affected products with the addressed vulnerabilities are Cisco Nexus Dashboard, Cisco Small Business RV110W, RV130, RV130W, RV215W Routers, Cisco IoT Control Center, and Cisco Identity Services Engine.

Sample of the addressed vulnerabilities:

  1. Cisco Nexus Dashboard Arbitrary Command Execution Vulnerability (CVE-2022- 20857):
    • CVSS: 9.8
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Consequences: Gain Access
    • Remediation Level: Official Fix

  2. Cisco Nexus Dashboard Cross-Site Request Forgery (CVE-2022-20861):
    • CVSS: 8.8
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Consequences: Gain Access
    • Remediation Level: Official Fix
Vulnerabilities
  • CVE-2022-20861
  • CVE-2022-20857
  • CVE-2022-20858
  • CVE-2022-20906
  • CVE-2022-20907
  • CVE-2022-20908
  • CVE-2022-20860
  • CVE-2022-20873
  • CVE-2022-20874
  • CVE-2022-20913
  • CVE-2022-20916
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.
https://tools.cisco.com/security/center/publicationListing.x?

References

https://tools.cisco.com/security/center/publicationListing.x?