Are these significant security flaws already addressed by Cisco?

Last Updated on 05/03/2022 by Nidhi Khandelwal

Cisco released updates this week to address a new set of significant security flaws in the Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could allow an attacker to obtain elevated access and run arbitrary code.

The two weaknesses – CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.0) – are related to an arbitrary file write and a command injection flaw in the two products’ API and web-based administration interfaces, respectively, and might have catastrophic consequences for vulnerable systems.

Both flaws, according to the company, stem from a lack of input validation of user-supplied command arguments, which a remote attacker could exploit to carry out directory traversal attacks, overwrite arbitrary files, and run malicious code as the root user on the underlying operating system.

Cisco further stated that the vulnerabilities were discovered during internal security testing or during the resolution of a Cisco Technical Assistance Center (TAC) support issue, and that no evidence of malicious exploitation of the flaws was discovered.

Customers are encouraged to update to the most recent versions as soon as possible to avoid any potential in-the-wild attacks.
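The missing input validation described above covers two bug classes, path traversal on a file write and injection through a command argument. The sketch below is an added example, not Cisco's code or fix, showing the server-side checks that close both; the upload directory, the hostname policy and the `ping` diagnostic are assumptions chosen for illustration.

```python
import re
from pathlib import Path

# Hypothetical upload root and argument policy; not taken from Cisco's products.
BASE_DIR = Path("/var/lib/example-app/uploads")
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def safe_write_path(user_name: str, base: Path = BASE_DIR) -> Path:
    """Return the resolved target path, or raise if it escapes `base`."""
    if not user_name or "\x00" in user_name:
        raise ValueError("empty name or NUL byte")
    base = base.resolve()
    target = (base / user_name).resolve()
    # An absolute user_name replaces base in the join, and ../ segments climb
    # out of it; both show up here as a target outside base.
    if target == base or not target.is_relative_to(base):
        raise ValueError(f"path escapes upload root: {user_name!r}")
    return target


def ping_argv(user_host: str) -> list[str]:
    """Build an argv list for a diagnostic ping; never a shell string."""
    # fullmatch against an allowlist rejects ;, |, $(), backticks, spaces and
    # a leading '-' that the tool would otherwise parse as an option.
    if not HOSTNAME_RE.fullmatch(user_host):
        raise ValueError(f"invalid host argument: {user_host!r}")
    # "--" ends option parsing; the list form is meant for
    # subprocess.run(argv, shell=False), so no shell ever sees the value.
    return ["ping", "-c", "1", "--", user_host]
```

Running such a service as an unprivileged user rather than root limits the damage if a check like these is ever bypassed.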

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.