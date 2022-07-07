Cisco collaboration software vulnerabilities fixed


Seven bug-fixes today.

Cisco has patched a pair of vulnerabilities in its Expressway and TelePresence Video Communication Server (VCS) products, one of which has earned “critical” status.

Although exploitable only by an authenticated attacker, CVE-2022-20812 earns its Common Vulnerability Scoring System (CVSS) rating of 9.0 because an attacker can overwrite operating system files as root.

Cisco’s advisory explains that the vulnerability exists in the cluster database API of Expressway and TelePresence VCS: “an authenticated, remote attacker with Administrator read-write privileges on the application [could] conduct absolute path traversal attacks on an affected device and overwrite files on the underlying operating system as a root user.”

The vulnerability is the result of “insufficient input validation of user-supplied command arguments,” the advisory continues.
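The following Python example is added here for illustration and is not Cisco's code or taken from the advisory. It shows why absolute paths need their own check when a file argument comes from a user, and one way to confine the result to a base directory; the function names and directory layout are assumptions.

```python
import os


class UnsafePath(ValueError):
    """Raised when a user-supplied path would land outside the base directory."""


def naive_join(base, user_arg):
    # Weak pattern: os.path.join() discards `base` entirely when `user_arg`
    # is absolute, so filtering "../" alone does not confine the result.
    return os.path.join(base, user_arg)


def safe_resolve(base, user_arg):
    """Return the real path for `user_arg` under `base`, or raise UnsafePath."""
    if "\x00" in user_arg:
        raise UnsafePath("NUL byte in path")
    if os.path.isabs(user_arg):
        raise UnsafePath("absolute path not allowed")
    base_real = os.path.realpath(base)
    # realpath() collapses "../" segments and follows symlinks that exist,
    # so the comparison below is made on the location actually written to.
    candidate = os.path.realpath(os.path.join(base_real, user_arg))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise UnsafePath("path escapes base directory")
    return candidate


if __name__ == "__main__":
    import tempfile

    base = tempfile.mkdtemp()  # constructed stand-in for an application data dir
    print("naive:", naive_join(base, "/etc/hosts"))  # base is silently dropped
    for arg in ["backup/db.sql", "/etc/hosts", "../outside"]:  # constructed inputs
        try:
            print("accepted:", safe_resolve(base, arg))
        except UnsafePath as exc:
            print("rejected:", repr(arg), "-", exc)
```

Path validation limits where a write can land; running the component that performs the write without root privileges limits what an accepted write can overwrite.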

The second vulnerability, CVE-2022-20813, is an error in certificate validation in Expressway and the TelePresence VCS, allowing a remote, unauthenticated attacker to access sensitive data.

“An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between devices, and then using a crafted certificate to impersonate the endpoint”, Cisco said.

“A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.”

For both Expressway and TelePresence VCS, Cisco advises customers to upgrade to software version 14.0.7.

CVE-2022-20813 has a high CVSS score of 7.4.

In its semi-regular round of bug-fixes, Cisco also announced six medium-severity vulnerabilities affecting its unified communications, telepresence, and RoomOS products.
