Cloud Security Daily 220707: Remote attack vulnerabilities found in Cisco Expressway Series and TelePresence Video Communication Server, upgrade as soon as possible
2022-07-07 18:39:00 【TechWeb】
On July 7, Cisco released a security update that fixes vulnerabilities in the Cisco Expressway Series and TelePresence Video Communication Server (VCS). Here are the details of the vulnerabilities:
Vulnerability Details
Source: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH
1. CVE-2022-20812, CVSS score: 9.0, severity: important
A vulnerability in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS may allow an authenticated remote attacker with administrator read-write privileges on the application to conduct absolute path traversal attacks on an affected device and overwrite files on the underlying operating system as the root user.
This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker can exploit this vulnerability by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command. Successful exploitation may allow the attacker to overwrite arbitrary files on the underlying operating system as the root user.
2. CVE-2022-20813, CVSS score: 7.4, severity: high
A vulnerability in the certificate validation of Cisco Expressway Series and Cisco TelePresence VCS may allow an unauthenticated remote attacker to gain unauthorized access to sensitive data.
This vulnerability is caused by improper certificate validation. An attacker can exploit it by using a man-in-the-middle technique to intercept traffic between devices and then using a crafted certificate to impersonate the endpoint. Successful exploitation may allow the attacker to view the intercepted traffic in clear text or alter its contents.
Affected products
The above vulnerabilities affect Cisco Expressway Series and Cisco TelePresence VCS in the default configuration, in releases up to 14.0.
Solution
Upgrading Cisco Expressway Series and Cisco TelePresence VCS to version 14.0.7 fixes the vulnerabilities.
For more vulnerability information and upgrade details, visit the official website:
https://tools.cisco.com/security/center/publicationListing.x