- 243/2022
- High
Cisco has released security updates to fix vulnerabilities in multiple products.
The severity of the addressed vulnerabilities could allow the remote attacker to take control of the affected system, and cause a denial of service.
Sample of The Addressed Vulnerabilities:
1- Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability (CVE-2022-20933)
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2- Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CVE-2022-
20959):
- CVSS: 6.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Acess
Affected Products:
- Cisco Meraki MX
- Cisco ISE
- Cisco Jabber
- TelePresence CE Software
- RoomOS Software in the cloud-aware on-premises operation
- Cisco ISE Software
Note: Cisco plans to release software updates that address CVE-2022-20822.
Vulnerabilities
- CVE-2022-20933
- CVE-2022-20822
- CVE-2022-20917
- CVE-2022-20953
- CVE-2022-20955
- CVE-2022-20811
- CVE-2022-20776
- CVE-2022-20954
- CVE-2022-20959
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.