HomeUpdateAre these Significant security flaws already addressed by Cisco ?

Are these Significant security flaws already addressed by Cisco ?

-

We independently research, test, review, and recommend the best products—learn more about our process. If you buy something through our links, we may earn a commission. learn more

Last Updated on 05/03/2022 by Nidhi Khandelwal

Cisco released updates this week to address a new set of significant security flaws in the Expressway Series and Cisco TelePresence Video Communication Server (VCS) that might allow a hacker to obtain elevated access and run arbitrary code.

The two weaknesses – CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.0) – are related to an arbitrary file write and a command injection flaw in the two products’ API and web-based administration interfaces, respectively, and might have catastrophic consequences for vulnerable systems.

Are these Significant security flaws already addressed by Cisco ? 1

Both flaws, according to the company, stem from a lack of input validation of user-supplied command arguments, a flaw that could be exploited by a remote attacker to carry out directory traversal attacks, overwrite arbitrary files, and run malicious code as the root user on the underlying operating system.

Are these Significant security flaws already addressed by Cisco ? 2

Cisco further stated that the vulnerabilities were discovered during internal security testing or during the resolution of a Cisco Technical Assistance Center (TAC) support issue, and that no evidence of malicious exploitation of the flaws was discovered.

Customers are encouraged to update to the most recent versions as soon as possible to avoid any potential in-the-wild assaults.

Nidhi Khandelwal
Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
- Advertisment -

Must Read

Data Science Drives Personalized Marketing and Customer Engagement to New Heights...

0
Personalized marketing and customer engagement are crucial for businesses to thrive in the current digital era. Because data science makes it possible for marketers...