Cloud Security Daily 220707: Remote attack vulnerabilities found in Cisco Expressway Series and TelePresence Video Communication Server; upgrade as soon as possible
2022-07-07 18:39:00 【TechWeb】
On July 7, Cisco released a security update that fixes vulnerabilities in the Cisco Expressway Series and TelePresence Video Communication Server (VCS). The details of the vulnerabilities are as follows:
Vulnerability Details
Source: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH
1. CVE-2022-20812, CVSS score: 9.0, severity: important
A vulnerability in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS could allow an authenticated remote attacker with administrator read-write privileges on the application to conduct absolute path traversal attacks on an affected device and overwrite files on the underlying operating system as the root user.
This vulnerability is due to insufficient input validation of user-supplied command parameters. An attacker could exploit it by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command. Successful exploitation could allow the attacker to overwrite arbitrary files on the underlying operating system as the root user.
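The bug class described above (absolute path traversal through an unvalidated path parameter) is shown below as an added illustration; it is not Cisco's code and does not come from the advisory. `BASE_DIR`, the function names and the sample inputs are constructed for the example.

```python
import os

# Hypothetical directory that a file-writing command is meant to stay inside.
BASE_DIR = "/var/app/uploads"


def naive_target(user_path: str) -> str:
    """Weak pattern: os.path.join drops BASE_DIR when user_path is absolute."""
    return os.path.join(BASE_DIR, user_path)


def safe_target(user_path: str, base_dir: str = BASE_DIR) -> str:
    """Resolve user_path under base_dir and reject anything that escapes it."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    if os.path.isabs(user_path):
        raise ValueError("absolute paths are not accepted")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the base directory")
    return candidate


def is_allowed(user_path: str) -> bool:
    """True when safe_target accepts the parameter."""
    try:
        safe_target(user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample parameters, not taken from any real request.
    for sample in ("reports/a.txt", "/etc/passwd", "../../etc/passwd"):
        print(f"{sample!r}: naive -> {naive_target(sample)!r}, "
              f"allowed -> {is_allowed(sample)}")
```

Validation of this kind limits where a write can land; running the service without root privileges limits the damage if a check is missed.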
2. CVE-2022-20813, CVSS score: 7.4, severity: high
A vulnerability in the certificate validation of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated remote attacker to gain unauthorized access to sensitive data.
This vulnerability is caused by improper certificate validation. An attacker could exploit it by using a man-in-the-middle technique to intercept traffic between devices and then using a crafted certificate to impersonate the endpoint. Successful exploitation could allow the attacker to view the intercepted traffic in clear text or alter its contents.
Affected products
The above vulnerabilities affect Cisco Expressway Series and Cisco TelePresence VCS in the default configuration, in releases up to 14.0.
Solution
Upgrading Cisco Expressway Series and Cisco TelePresence VCS to version 14.0.7 fixes the vulnerabilities.
For more vulnerability information and upgrades, please visit the official website:
https://tools.cisco.com/security/center/publicationListing.x